Utstarcom en GEPON BBS1000plus CLI Operation R2.32.1.28

GEPON OLT
BBS 1000+
Release 2.32.1.28
CLI Operation Guide
Optical Line Terminal

System Release 2.0
Doc. Code L2 CO00 2321 06 15 00

GEPON OLT
BBS 1000+
Release 2.32.1.28
CLI Operation Guide
Optical Line Terminal

System Release 2.0
Doc. Code L2 CO00 2321 06 15 00

Copyright 2006-2007, UTStarcom, Inc. All rights reserved. No part of this documentation may be reproduced in any form or
by any means or used to make any derivative work (such as translation, transformation, or adaptation) without prior written
permission from UTStarcom, Inc.
UTStarcom, Inc. reserves the right to revise this documentation and to make changes in content from time to time without
obligation on the part of UTStarcom, Inc. to provide notification of such revision or change.
UTStarcom, Inc. provides this documentation without warranty of any kind, either implied or expressed, including, but not
limited to, the implied warranties of merchantability and fitness for a particular purpose. UTStarcom may make improvements
or changes in the product(s) and/or the program(s) described in this documentation at any time.
UNITED STATES GOVERNMENT LEGENDS:
If you are a United States government agency, then this documentation and the software described herein are provided to you
subject to the following:
United States Government Legend: All technical data and computer software is commercial in nature and developed solely
at private expense. Software is delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995)
or as a commercial item as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in
UTStarcom's standard commercial license for the Software. Technical data is provided with limited rights only as provided in
DFAR 252.227-7015 (Nov. 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface
any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction
with, this User Guide.
UTStarcom, the UTStarcom logo, !-Volution, AIRSTAR, AN-2000, AN-FTTB, CommWorks, the CommWorks logo, iAN, iCell,
Internode, Intranode, iPATH, ISP, MovingMedia, mSwitch, Next Generation Network Technology. Now, NGDLC, PAS, PAS
Wireless, Seamless World, Softexchange, Sonata, Sonata Access Tandem, Sonata HLR, Sonata IP, Sonata MSC, Sonata
WLL, Telos, Total Control, Unitech, WACOS, WICOPS, WLL, and Xtreme IP are registered trademarks or trademarks of
UTStarcom, Inc. and its subsidiaries.
Intel and Pentium are registered trademarks of the Intel Corporation or its subsidiaries in the United States and other
countries. Microsoft, Windows, Windows NT, and NetMeeting are registered trademarks of Microsoft Corporation. Sun, Java,
and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. Oracle is a registered trademark of Oracle
Corporation. HP, HP-UX, and HP Openview are trademarks or registered trademarks of the Hewlett-Packard Company.
Other brand and product names may be registered trademarks or trademarks of their respective holders.
CONTENTS
ABOUT THIS GUIDE

Conventions ............................................................................................................................. 27
Figures and Screen Captures............................................................................................. 28
Related Documentation............................................................................................................ 28
Contacting Customer Service .................................................................................................. 29
Obtaining Technical Assistance .......................................................................................... 29
Support Website ................................................................................................................. 29
Warranty Support................................................................................................................ 29
Contacting Technical Documentation....................................................................................... 29
1 COMMAND LINE INTERFACE

Using Terminal Emulation to login to BBS 1000+ .................................................................... 31
Using telnet to login to BBS 1000+ .......................................................................................... 34
Login Session ......................................................................................................................... 35
Logout the BBS 1000+............................................................................................................. 36
CLI Command Mode ................................................................................................................ 36
EXEC.................................................................................................................................. 36
Privileged EXEC ................................................................................................................. 36
Configure Management ...................................................................................................... 37
Configure Terminal ............................................................................................................. 37
Global Configuration ..................................................................................................... 37
OLT Interface Configuration .......................................................................................... 37
ONU Configuration ....................................................................................................... 37
CLI Access Level ..................................................................................................................... 39
CLI Syntax Conventions........................................................................................................... 40
CLI Command Help ................................................................................................................. 40
Hotkey...................................................................................................................................... 41
2 BEFORE SYSTEM CONFIGURATION

BBS 1000+ System Hardware ................................................................................................. 43
BBS 1000+ PON Running Mode.............................................................................................. 44
Tag Handling in Different Running Mode ............................................................................ 45
Updating the Running Mode............................................................................................... 46
Running mode Configuring related Commands ................................................................. 49
BBS 1000+ Start Up Procedures ............................................................................................. 50
3 STARTING UP BBS 1000+ SYSTEM

Setting up BBS 1000+ as a L2 switch...................................................................................... 51
ONU Lport (Logical Port) Assignment ................................................................................ 51
Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

June 2007 CLI Operation Guide
6
ONU Registration Process ................................................................................................. 52

In-Band and Out-Band Management ................................................................................. 52
ICMP/ARP .......................................................................................................................... 52
Configuring BBS 1000+ as a L2 Switch ............................................................................ 52
Application Description ................................................................................................. 52
Example Topology......................................................................................................... 53
Configuration Requirements ......................................................................................... 54
Configuration Tasks............................................................................................................ 54
Reconfigure the Management port IP address ............................................................ 54
Login to BBS 1000+ via the management port ............................................................ 54
Configure the ONU's MAC and PON's lport binding ..................................................... 55
Activate the OLT port and the lport binding................................................................... 56
Verify the OLT and ONUs configuration........................................................................ 56
Configure the service VLAN for GE3/1 in Unique-tag Mode......................................... 57
Configure the service VLAN for GE3/1& GE1/1 in Stack-tag Mode .............................. 57
Configure the service VLAN for GE3/1 & GE1/1 in Transparent Mode......................... 58
Perform a connection test ............................................................................................. 59
Configuring BBS 1000+ as an L3 switch ................................................................................. 60
PON Authentication Method............................................................................................... 60
Configuring BBS 1000+ as an L3 Switch ........................................................................... 60
Application Description ................................................................................................. 60
Reconfigure the Management port's IP address........................................................... 62
Login to BBS 1000+ via the Management port ............................................................. 63
Configure the ONU's lport and PON's MAC binding. .................................................... 63
Activate the OLT port and enable lport binding............................................................. 64
Verify the OLT and ONUs configuration........................................................................ 65
Configure the Router Interface for GE3/1. .................................................................... 65
Configure the Super SVI in Unique-tag Mode............................................................... 66
Configure the Super SVI in Transparent Mode ............................................................. 67
Configure the Super SVI in Stack-tag Mode ................................................................. 68
Create a Router Interface on the Cisco switch. ............................................................ 70
Add a static route on BBS 1000+.................................................................................. 71
Configure the IP address for the PCs ........................................................................... 71
ARP Configuration on BBS 1000+. ............................................................................... 72
BBS 1000+ Working in QinQ Mode ......................................................................................... 75
Application Description....................................................................................................... 75
Verify that BBS 1000+ is running in QinQ mode........................................................... 76
Create ISP Service VLAN 10 ........................................................................................ 77
Configure the Onu-vlan of the ONU connected to OLT1/1. .......................................... 77
Result Analysis: ............................................................................................................ 77
GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

CLI Operation Guide June 2007
7
4 IN-BAND AND OUT-BAND SETTING

In-band and Out-band Introduction .......................................................................................... 79
In-Band Management Configuration ............................................................................. 79
Out-Band Management Configuration .......................................................................... 80
TTL for Management..................................................................................................... 80
In-Band Configuration example-- SVI ..................................................................................... 81
Configuration Tasks ............................................................................................................ 81
Configure the BBS 1000+ GE3/1 uplink port as SVI .................................................... 81
Verify Out-band default gateway ................................................................................... 82
Configure SVI on the Cisco switch................................................................................ 84
Add a static IP route on BBS 1000+ ............................................................................. 85
Configure the gateway for the PC ................................................................................. 85
Login to BBS 1000+ via telnet....................................................................................... 86
Initial SNMP Configuration....................................................................................................... 87
Application Description.................................................................................................. 87
Example topology.......................................................................................................... 87
Configuration Tasks ............................................................................................................ 87
Configure the BBS 1000+ GE3/1 uplink port as an SVI ............................................... 88
SNMP Configuration on BBS 1000+. ............................................................................ 89
Add BBS 1000+ Node on Netman 4000 OMC-D. ......................................................... 90
5 BASIC CONFIGURATION
Configuring Basic System Information ..................................................................................... 93
Configuring Layer 2 Ports ........................................................................................................ 95
Introduction to BBS 1000+ GE ports........................................................................................ 95
GE Port Features................................................................................................................ 95
Administrative Status .................................................................................................... 95
Link Status of GE Port................................................................................................... 96
PVID.............................................................................................................................. 96
Traffic Storm Control ..................................................................................................... 96
Auto Negotiation............................................................................................................ 97
Flow Control .................................................................................................................. 97
Ingress filter................................................................................................................... 98
Rate Limit ...................................................................................................................... 98
User-isolation ................................................................................................................ 98
GE ports Configuration Tasks............................................................................................. 99
Configuring Layer 2 Link Aggregation ................................................................................... 100
Link Aggregation Interface Restrictions............................................................................ 100
Link Aggregation Layer 2 Configuration Tasks ................................................................. 101
Link Aggregation Group Management Procedure ............................................................ 101
Example of Creating an L2 Link Aggregation Group ........................................................ 102
Application Description................................................................................................ 102
Example Topology....................................................................................................... 103

8
Configuration Requirements ....................................................................................... 103

Configuration Tasks.......................................................................................................... 104
Create the Link Aggregation Group ............................................................................ 104
Add the LAG to the VLANs ......................................................................................... 105
Ensure that ports are members of the LAG VLANs .................................................... 105
Add Port Members to the LAG.................................................................................... 106
Configure the LAGs PVID ........................................................................................... 107
Assign an LAG Name ................................................................................................. 108
Verify the Link Aggregation configuration on BBS 1000+ ........................................... 108
Removing the LAG on BBS 1000+................................................................................... 108
Basic steps involved in removing an LAG................................................................... 108
Step1: Disconnect the physical LAG connections....................................................... 109
Step2: Remove Members from the LAG ..................................................................... 109
Step3: Remove the LAG from the VLANs................................................................... 110
Step4: Remove the Link Aggregation Interface ...........................................................111
Delete the Link Aggregation Directly............................................................................111
Practical Configuration Tips...............................................................................................111
Create VLAN 101 and 102 and assign member ports to the VLANs ...........................111
Create LAG 2 .............................................................................................................. 112
Add LAG 2 to VLAN 101 and 102 ............................................................................... 112
Add GE3/3-4 as member of LAG 2 ............................................................................ 112
Verify the Link Aggregation 2 ...................................................................................... 112
Link Aggregation Group Load-sharing Algorithm ............................................................. 113
Introduction ................................................................................................................. 113
Example of Using DMAC as the Loading-sharing Rule.................................................... 114
Application Description ............................................................................................... 114
Configure Requirements ............................................................................................. 115
Configuration Steps..................................................................................................... 115
Result Analyze ............................................................................................................ 117
Example of Using DIP XOR SIP as the Loading-sharing Rule......................................... 119
Configure Requirements ............................................................................................. 120
Configure Steps .......................................................................................................... 120
Result Analyze ............................................................................................................ 122
Configuring Interface Range .................................................................................................. 124
Interface Range Configuration Commands ...................................................................... 124
Interface Range Configuration Example .......................................................................... 125
Enter the Interface Range Configuration command mode.......................................... 125
Set the PVID for all ports in the range ........................................................................ 125
Verify the configuration ............................................................................................... 125
Configuring Layer 3 Interface Parameters ............................................................................. 125
Status Introduction............................................................................................................ 125
Configuring Secondary IP address................................................................................... 126
Configuring Routed Port Interface ......................................................................................... 128
Example of Configuring a Routed Interface .................................................................... 128

9
Create a Routed Interface........................................................................................... 128

Remove the RI Interface ............................................................................................ 129
Configuring Switch Virtual Interface (SVI).............................................................................. 129
Example of Configuring SVI ............................................................................................ 131
Create a SVI................................................................................................................ 131
Remove the SVI ......................................................................................................... 131
Configuring a Super SVI ....................................................................................................... 132
Configuring a Super SVI Example.................................................................................... 133
Create a Super SVI ..................................................................................................... 133
Delete the Super SVI Interface ................................................................................... 134
Creating Layer 3 Link Aggregation Interfaces........................................................................ 134
Link Aggregation Interface based on SVI Example .......................................................... 134
Configuration Tasks .......................................................................................................... 135
Configure Link Aggregation Group 1........................................................................... 135
Configure a SVI Interface............................................................................................ 136
Create an Ethernet SVI VLAN 600 on the Cisco switch.............................................. 136
Connection Testing...................................................................................................... 137
Removing all configurations in this example from BBS 1000+ ......................................... 137
Link Aggregation Interface based on Routed Interface Example ..................................... 138
Create and Configure Link Aggregation Group 2........................................................ 138
Create two Routed Interfaces ..................................................................................... 139
Assign Link Aggregation Group 2 members ............................................................... 139
Create Routed Interfaces on the Cisco switch ............................................................ 140
Test the connection from BBS 1000+.......................................................................... 140
Deleting all configurations from this example on BBS 1000+........................................... 140
Configuring MAC Address Table ............................................................................................ 141
MAC Address Table Configuration Commands ................................................................ 142
Configuring Static MAC Example ..................................................................................... 142
Verify BBS 1000+'s System Running Mode and PON port mode ............................... 143
Configure Service VLAN 50 ........................................................................................ 144
Configure a Static MAC Address Entry ....................................................................... 146
Verify the Configuration .............................................................................................. 146
Result Analyze ............................................................................................................ 147
Removing all the example configurations......................................................................... 147
Delete the Static MAC Table Entry .............................................................................. 147
Delete Service VLAN 50 ............................................................................................. 147
Restore ONU VLAN for ONU1 and ONU2. ................................................................. 147
Configuring ARP .................................................................................................................... 148

10
ARP Configuring Commands ........................................................................................... 149

Configuring ARP Example................................................................................................ 150
Configure Super SVI ................................................................................................... 150
Add ARP entry for PC1 ............................................................................................... 151
Add a Host-route Entry for PC2 .................................................................................. 152
Deleting All the Configuration on the BBS 1000+............................................................. 153
Delete the ARP Entry.................................................................................................. 153
Delete the Host-route Entry ........................................................................................ 154
Delete the Super SVI .................................................................................................. 154
Configuring an IP Route ........................................................................................................ 155
Metric .......................................................................................................................... 155
IP Route Configuring Commands..................................................................................... 156
Static IP Route Configuration Example ............................................................................ 156
Create two Routed Interfaces on BBS 1000+. ............................................................ 157
Configure a Gateway on BBS 1000+.......................................................................... 158
Create three Routed Interfaces on the Cisco switch................................................... 159
Server Configuration ................................................................................................... 160
Verify the static IP Route configuration ....................................................................... 161
Verify the default IP Route configuration..................................................................... 161
Removing All the Example Configurations on BBS 1000+............................................... 161
Delete the host-routes................................................................................................. 161
Delete the IP Routes................................................................................................... 162
Delete the RI interfaces .............................................................................................. 162
Configuring Port Mirror .......................................................................................................... 162
Restrictions on Monitoring Sessions ................................................................................ 162
Port Mirror Configuring Commands.................................................................................. 163
Port Mirror Configuring Procedures.................................................................................. 163
Configuring Port Mirror Example ...................................................................................... 163
Configure Service VLAN 105 ...................................................................................... 164
Set up a Monitoring Session on BBS 1000+............................................................... 165
Send some data between PCs to monitor .................................................................. 166
Deleting All Example Configurations on BBS 1000+........................................................ 166
Deactivate the Monitoring Session 1 .......................................................................... 166
Delete Monitor Session 1............................................................................................ 167

11
6 VLAN MANAGEMENT
VLAN Introduction.................................................................................................................. 169
Layer 2 Port-Based VLANs .............................................................................................. 169
GE port VLAN ............................................................................................................. 169
Restrictions for Layer 2 VLAN Management............................................................... 169
VLAN ID Processing in Unique-tag/Stack-tag Mode......................................................... 170
ONU Forwarding Rules For L2 Data Packets in Unique-tag Mode ............................. 170
ONU Forwarding Rules For L2 Data Packets in Stack-tag Mode................................ 171
BBS 1000+ Ingress Port Forwarding Rules for L2 Data Packets................................ 171
ONU VLAN Management ................................................................................................. 172
ONU Default VLAN ..................................................................................................... 172
Especially VLAN ID Assignment in Unique-tag Running Mode .................................. 172
Especially ONU VLAN ID Reconfiguring in Stack-tag Mode and QinQ Running Mode173
VLAN Layer 2 Configuration Tasks ........................................................................................ 174
VLAN Layer 2 Management Procedure ................................................................................. 174
VLAN Creation Example ........................................................................................................ 175
Application Description ..................................................................................................... 175
Example Topology ............................................................................................................ 175
Create a VLAN. ........................................................................................................... 175
Add Members to the VLAN ......................................................................................... 176
Configure the Interface PVID ...................................................................................... 176
Deleting the Example Configuration on BBS 1000+......................................................... 176
Reconfigure the port's PVID ....................................................................................... 176
Delete Members from the VLAN ................................................................................. 177
Delete a VLAN ............................................................................................................ 178
7 CONFIGURING GEPON FEATURES

PON System Configuration.................................................................................................... 179
PON System Parameters ................................................................................................. 179
User Authentication Method ............................................................................................. 180
Authentication Configuring Commands ............................................................................ 181
Configuring ONU's Local Authentication................................................................................ 181
ONU Lport (Logical Port) Assignment .............................................................................. 181
ONU Registration Process ............................................................................................... 182
VLAN ID Assignment in Unique-tag running mode .......................................................... 182
VLAN ID Assignment in Stack-tag running mode ............................................................. 183
ONU's Local Authentication Example............................................................................... 183
Configure PON System Parameters ........................................................................... 184
Configure the ONU's MAC and PON's lport binding ................................................... 184
Activate the OLT port and the lport binding................................................................. 186
Verify the OLT and ONUs configuration ...................................................................... 186

12
Deleting the Example Configuration ................................................................................ 187

Restore PON system parameters ............................................................................... 187
Delete Lport and MAC binding.................................................................................... 187
OLT Management .................................................................................................................. 188
OLT Port Introduction ....................................................................................................... 188
Administrative Status ................................................................................................. 188
Physical State of OLT Module..................................................................................... 188
Transceiver Type......................................................................................................... 188
Reseting OLT ................................................................................................................... 189
Monitoring Method ...................................................................................................... 189
Reset OLT Manually ................................................................................................... 189
OAM rate limit................................................................................................................... 190
OLT Configuration Commands ......................................................................................... 191
OLT Configuration Example List....................................................................................... 191
Enter OLT Configuration command ............................................................................ 191
Configure OLT Transceiver Type ................................................................................ 191
Disable OLT ................................................................................................................ 191
Show Registered ONU ............................................................................................... 191
Show Running-config of All OLT Ports........................................................................ 192
Show OLT port statistics of Packets............................................................................ 192
OLT&ONU DBA Configuration ............................................................................................... 193
MPCP Introduction ........................................................................................................... 193
ONU Automatic Discovery .......................................................................................... 194
Normal Data Transmission Process............................................................................ 195
MPCP Timeout ................................................................................................................. 196
OLT MPCP Timeout .................................................................................................... 196
ONU MPCP Timeout................................................................................................... 196
MPCP Timeout Configuration Commands .................................................................. 197
Dynamic Bandwidth Allocation Introduction .................................................................... 197
Configuring OLT DBA ....................................................................................................... 198
OLT DBA Configuration Commands................................................................................. 198
Changing DBA algorithm From Plato to Internal on OLT1/1............................................. 199
Configuring ONU DBA-SLA ............................................................................................. 199
ONU DBA-SLA Configuration Commands ....................................................................... 201
Example of OLT&ONU DBA Configuration....................................................................... 201
Configure OLT DBA .................................................................................................... 202
Configure ONU1 DBA-SLA ......................................................................................... 203
Configure ONU2 DBA-SLA ......................................................................................... 203
Result Analyze ............................................................................................................ 204
Deleting All the Configurations ......................................................................................... 204
Restore ONU1's DBA-SLA Configruation ................................................................... 204
Restore ONU2's DBA-SLA Configruation ................................................................... 205
ONU Policy Configuration ...................................................................................................... 205
ONU Policy Introduction ................................................................................................... 205

13
ONU Downstream Configuring ......................................................................................... 206

ONU p2p Configuring ....................................................................................................... 207
P2P Access Introduction ............................................................................................. 207
P2P-stream Policy....................................................................................................... 207
P2P-stream & Upstream Forwarding Procedure......................................................... 209
ONU Policy Configuration Commands ............................................................................. 210
Example of ONU Downstream Policy Configuration ........................................................ 211
Configure ONU1's downstream bandwidth ................................................................. 212
Configure ONU2's downstream bandwidth ................................................................. 213
Result Analyze ............................................................................................................ 213
Restore ONU2's downstream bandwidth configuration............................................... 213
Example of ONU p2p Policy Configuration....................................................................... 214
Configure ONU1's work mode as p2p-access ............................................................ 215
Configure ONU1's p2p-stream bandwidth................................................................... 216
Configure ONU1's DBA-SLA....................................................................................... 217
Result Analyze.................................................................................................................. 218
Case1: Transmitting Data Total < DBA-SLA Max. Bandwidth ..................................... 218
Case2: Transmitting Data Total > DBA-SLA Max. Bandwidth ..................................... 218
Case3: Transmitting Data Total > DBA-SLA Max. Bandwidth ..................................... 219
Restore ONU1's p2p-stream bandwidth Configuration ............................................... 220
Restore ONU1's p2p access ....................................................................................... 220
Restore ONU1's DBA-SLA Configuration ................................................................... 221
ONU Management ................................................................................................................. 221
ONU Basic Management.................................................................................................. 221
Enable/Disable ONU ................................................................................................... 221
Reset ONU.................................................................................................................. 221
Switch-cli ..................................................................................................................... 222
Encryption communication between ONU and OLT.................................................... 222
ONU OAM Management .................................................................................................. 222
OAM ping .................................................................................................................... 222
OAM link-test............................................................................................................... 222
Show ONU OAM Detail............................................................................................... 222
OAM Link-test Procedure............................................................................................ 222
PON loop-back Configuration and exmaple................................................................ 223
Configure Steps........................................................................................................... 225
ONU Remote Management .............................................................................................. 228

14
Remotely Upgrade ONU ............................................................................................. 228

Example of ONU remote upgrade............................................................................... 230
Remotely Change MAC Address ................................................................................ 233
UNI port Auto-negotiation ........................................................................................... 233
UNI link status alarm filter ........................................................................................... 233
ONU Configuration Commands........................................................................................ 234
ONU Configuration Example List ..................................................................................... 234
Enter ONU Configuration command ........................................................................... 234
Enable or Disable ONU............................................................................................... 234
Show ONU Summary.................................................................................................. 234
Show ONU Running Configuration ............................................................................. 235
Show ONU Statistics................................................................................................... 235
PON System MAC Address Table ........................................................................................ 236
Show OLT MAC Address Table ................................................................................. 237
MAC Address Configuration Commands ......................................................................... 237
MAC Address Configure Example.................................................................................... 238
Topology Example....................................................................................................... 238
System Requirement .................................................................................................. 238
Configure ONU's MAC Limit ....................................................................................... 238
CASE1: Connect PC1,PC2 and PC3 to ONU............................................................. 239
Reconfigure MAC Aging timer .................................................................................... 239
CASE2: Disconnect PC2 from ONU. ......................................................................... 240
8 CONFIGURING REMOTE AUTHENTICATION

Understanding Remote Authentication through RADIUS ..................................................... 241
802.1 x /RADIUS Process ................................................................................................ 242
RADIUS Authentication Server and Accounting Server .................................................. 243
RADIUS Server Redundancy ........................................................................................... 244
Special Requirement for CLI User Authentication ............................................................ 245
Special Parameters for ONU Re-authentication............................................................... 245
ONU time out .............................................................................................................. 245
Re-authentication interval for time out ........................................................................ 246
Re-authentication interval for access reject ................................................................ 246
Re-authentication Parameter Configuration Command .............................................. 246
Configuring 802.1 x /RADIUS Authentication ........................................................................ 246
Authentication Parameters Introduction ........................................................................... 247
Display All the Authentication Configuration ............................................................... 247
Shared Keys ............................................................................................................... 247
Realm.......................................................................................................................... 247
Auto switch.................................................................................................................. 248
Timeout ....................................................................................................................... 248
NAS............................................................................................................................. 248
Return List on the Radius Server ..................................................................................... 248
Remote Authentication Configuration Commands ........................................................... 249
ONU Remote Authentication Example................................................................................... 250
15

Example Topology ...................................................................................................... 250
Install the RADUIS Server software on the PC .......................................................... 251
Configure RADUIS ..................................................................................................... 251
Configure BBS 1000+ ................................................................................................. 257
Verify ONU1's RADIUS authentication ....................................................................... 258
Practical Configuring Tips ................................................................................................ 259
Modifying the ONU ID and password ......................................................................... 259
CLI User Remote Authentication Example ............................................................................ 261
Configuration Requirement ......................................................................................... 261
Configure RADUIS Server .......................................................................................... 261
Configure RADIUS Server Parameters on the BBS 1000+ ........................................ 267
Configure CLI user's authentication method ............................................................... 269
Verify CLI User RADIUS authentication ..................................................................... 269
Deleting All the Configuration on the BBS 1000+............................................................. 270
Restore RADIUS Server Configuration ....................................................................... 270
Delete User-mytestuser .............................................................................................. 271
Restore User Authentication as Local......................................................................... 271
Configuration 802.1 x /RADIUS Accounting .......................................................................... 272
Remote Accounting Configuration Commands ................................................................ 273
Remote Accounting Configuration Procedure .................................................................. 273
9 CONFIGURING SYSLOG
Understanding the Concepts.................................................................................................. 275
System Log Message Format........................................................................................... 275
Sending Syslog Messages to the Console or Flash Memory ........................................... 276
Logging Host Server and Facilities................................................................................... 277
System Log Configuration Commands............................................................................. 278
Syslog Configuration Procedure....................................................................................... 278
Syslog Configuration Example............................................................................................... 278
Configure an SVI on BBS 1000+ ................................................................................ 279
Verify the out-band gateway ....................................................................................... 280
Configure Syslog on BBS 1000+ ................................................................................ 280
Configure the Cisco switch ......................................................................................... 281
Configure the Syslog Server ...................................................................................... 281
Set the Syslog Server IP Address............................................................................... 283
Removing All Syslog Configurations on BBS 1000+ ........................................................ 285
Remove the syslog configuration ................................................................................ 285
Remove the SVI ......................................................................................................... 285
Removing VLAN 500................................................................................................... 286
16
10 CONFIGURING RSTP
Introduction RSTP ................................................................................................................. 287
RSTP Configuration Commands............................................................................................ 287
RSTP Configuration Procedure ............................................................................................. 288
RSTP Configuration Example ................................................................................................ 288
Application Description..................................................................................................... 288
Configuration Requirement ......................................................................................... 289
Configure the ONU's MAC and PON's lport binding ................................................... 289
Configure VLAN 10 on BBS 1000+............................................................................. 290
Enable Spanning Tree on the VLAN 10 ...................................................................... 290
Show Spanning Tree Configuration ............................................................................ 290
Create VLAN 10 on Cisco 3750 ................................................................................. 291
Enable Spanning Tree on the VLAN 10 ...................................................................... 292
Verify the Spanning Tree ............................................................................................ 292
Two links Case ...................................................................................................... 293
One Link Case....................................................................................................... 293
Rescover to Two Links Case. ................................................................................ 294
11 CONFIGURING DHCP SERVER

DHCP Configuration Tasks .................................................................................................... 297
DHCP Server Configuration Procedure ................................................................................. 298
Configuring DHCP Server Example....................................................................................... 298
Verify BBS 1000+'s Running Mode............................................................................. 300
PON Configuration...................................................................................................... 301
Create a Routed Interface........................................................................................... 302
L2 Configuration--Create ONU's Service VLANs........................................................ 302
L2 Configuration--Create Two Super VLANs .............................................................. 303
L3 Configuration--Create two Super SVIs................................................................... 304
Enable BBS 1000+'s DHCP server............................................................................. 305
DHCP Policy Configuration......................................................................................... 305
DHCP Pool Configuration ........................................................................................... 305
Save the BBS 1000+'s Configuration.......................................................................... 306
Configure ONU404-1 and ONU404-2 ......................................................................... 307
ONU404-1 get IP address from BBS 1000+-DHCP Server ........................................ 309
PC get IP address from BBS 1000+--DHCP Server ................................................... 309
12 CONFIGURING DHCP RELAY

DHCP Relay Configuration Tasks .......................................................................................... 311
DHCP Relay configuration Example ...................................................................................... 311

17

Install the DHCP Server software on both DHCP servers .......................................... 313
Configure the DHCP servers....................................................................................... 313
Configure a Routed Interface on BBS 1000+.............................................................. 316
Create a Super SVI on BBS 1000+............................................................................. 317
Start the DHCP Relay service on BBS 1000+............................................................. 318
Verify the DHCP Relay configuration .......................................................................... 318
Use DHCP Method to Obtain IP Address on PC ........................................................ 318
Test the Redundant DHCP Relay ............................................................................... 320
13 CONFIGURING MULTICAST
Multicast Address................................................................................................................... 321
Configuring IGMP Snooping .................................................................................................. 321
IGMP Snooping Work Mode ............................................................................................. 321
IGMP Snooping Configuring Tasks................................................................................... 322
IGMP Snooping Configuration Example ................................................................................ 322
Create Service VLAN 10 ............................................................................................. 324
Enable IGMP Snooping on VLAN .............................................................................. 325
Perform IGMP Snooping Service ................................................................................ 325
Check IGMP group information on BBS 1000+ .......................................................... 327
Configuring IGMP Proxy ........................................................................................................ 328
IGMP Proxy Configuring Tasks......................................................................................... 329
Configuring IGMP Proxy Procedure ................................................................................ 330
IGMP Proxy Configuring Example ......................................................................................... 330
Configure a Routed Interface ...................................................................................... 331
Configure ONUs' Lport Binding ................................................................................... 332
Start up PON Port OLT1/1........................................................................................... 332
Configure Super SVI ................................................................................................... 332
Configure IGMP Proxy ................................................................................................ 333
Perform IGMP Proxy Service ...................................................................................... 335
Check IGMP group information on BBS 1000+ .......................................................... 337
14 CONFIGURING ACL
ACL Work Mode..................................................................................................................... 339
ACL Configuration Tasks ....................................................................................................... 339
ACL Configuration Procedures ............................................................................................ 342
ACL Profile Configuration ...................................................................................................... 343

18
Specifying ACL Profiles .................................................................................................... 345

Specifying ACL Fields ...................................................................................................... 345
Syntax for ACL Field Lists .......................................................................................... 345
Syntax explanation...................................................................................................... 347
Field List Example using IP Packets ................................................................................ 348
VLAN Field.................................................................................................................. 348
DSCP Field ................................................................................................................. 348
Sip Field ...................................................................................................................... 349
Field List Example using ARP Packets ............................................................................ 350
VLAN Field.................................................................................................................. 350
SMAC Field................................................................................................................. 351
DMAC Field................................................................................................................. 351
Specifying ACL Rules....................................................................................................... 352
Syntax for ACL rules ................................................................................................... 352
Syntax explanation...................................................................................................... 354
ARP Packets Rule List Example................................................................................. 355
IP Packets Rule List Example..................................................................................... 355
Specifying Actions ........................................................................................................... 356
Actions Defined in the Rules....................................................................................... 356
Pre-configured Default Action in Forwarding Mode ................................................... 356
IPMC Filtering Action in Forwarding Mode ................................................................. 357
ACL Profile Configuring Example..................................................................................... 358
Determine the Application's Specific ACL Profile Requirements ................................ 358
Define the ACL Rules ................................................................................................ 359
Create the ACL Profile ................................................................................................ 359
Access Mode ACL Configuration Example ............................................................................ 359
Configuration Tasks Using ACL Profile ............................................................................ 360
Configure a Routed Interface on the Cisco switch...................................................... 360
Configure a Routed Interface on BBS 1000+ ............................................................. 361
Create the ACL file...................................................................................................... 362
Download the ACL file from FTP Server to BBS 1000+ ............................................ 362
Import the ACL file into the ACL Profile ...................................................................... 363
Apply ACL Profile to BBS 1000+ Management Interface(CPU) ................................. 364
Confirm that the Cisco switch is denied access.......................................................... 364
Disable the ACL profile on BBS 1000+ system .......................................................... 365
Confirm that the ACL profile is disabled...................................................................... 365
Delete the ACL profile saved in the BBS 1000+ database ......................................... 365
Configuration Tasks Using ACL CLI ................................................................................. 365
Define ACL using ACL CLI Commands ...................................................................... 366
Apply ACL to BBS 1000+ Management Interface(CPU)............................................. 366
Delete the ACL List saved in the BBS 1000+ database............................................. 367
Forwarding Mode ACL Configuration Example...................................................................... 367
Configuration Tasks Using ACL Profile ............................................................................ 368

19
Configure a Routed Interface on the Cisco switch ...................................................... 369

Configure a Routed Interface on BBS 1000+.............................................................. 369
Create Super SVI 500 ................................................................................................. 370
Add host route............................................................................................................. 371
Configure ACL file ....................................................................................................... 371
Download the ACL file to the BBS 1000+'s flash:/ directory ....................................... 371
Import the ACL file into the ACL Profile ...................................................................... 372
Apply the ACL Profile to the GE port........................................................................... 373
Perform a ping test from the PC.................................................................................. 373
Disable ACL profile on the BBS 1000+ GE port......................................................... 373
Perform a ping test...................................................................................................... 373
Delete the ACL Profile saved in the BBS 1000+ database ......................................... 374
Configuration Tasks Using ACL CLI ................................................................................. 374
Define ACL using ACL CLI Commands ...................................................................... 374
Apply ACL to the GE port............................................................................................ 375
Delete the ACL List saved in the BBS 1000+ database............................................. 375
15 CONFIGURING QOS
BBS 1000+ QoS Overview..................................................................................................... 377
Classification ............................................................................................................... 379
Queuing and Scheduling............................................................................................. 379
QoS Configuring Commands............................................................................................ 381
QoS Configuring Procedure ............................................................................................. 381
ACL and QoS ................................................................................................................... 381
BBS 1000+ QoS Configuration Example ............................................................................... 382
Application Description ..................................................................................................... 382
Topology Example ............................................................................................................ 382
Configure QoS on GE3/2 ............................................................................................ 383
Configure QoS on GE1/1 ............................................................................................ 383
Configure ratelimit on GE1/1....................................................................................... 384
Result Analyze ............................................................................................................ 384
16 SYSTEM ADMINISTRATION
User Account Management ................................................................................................... 385
User Management Operations ......................................................................................... 386
Examples of User Management ....................................................................................... 386
Change password for Administrator............................................................................ 386
Add a Super user ........................................................................................................ 387
Delete a user............................................................................................................... 388
File Management ................................................................................................................... 388
System Start Up Method................................................................................................... 388
System File Introduction ................................................................................................... 389
File Configuration Tasks ................................................................................................... 390
Firmware Upgrade Procedure................................................................................................ 391
Firmware Upgrade Normally In-band Management ............................................................... 393

20

Pre-Upgrade Requirements ........................................................................................ 393
Configure FTP Server ................................................................................................. 394
Configure BBS 1000+ ................................................................................................. 396
VxWorks Configuration After System Failure......................................................................... 398
[VxWorks Boot] Mode Introduction .................................................................................. 398
Application Description..................................................................................................... 399
Set up FTP Server ...................................................................................................... 400
Connect to the BBS 1000+ Console port .................................................................... 400
Configure the BBS 1000+ system boot parameters.................................................... 400
A TERMS AND ACRONYMS

21
LIST OF TABLES
Table 1 Notice Icon Descriptions......................................................................................... 27
Table 2 Text Convention Descriptions................................................................................. 28
Table 3 CLI Command Modes............................................................................................. 38
Table 4 CLI Syntax Convention Description........................................................................ 40
Table 5 Shortcuts for obtaining help within CLI".................................................................. 40
Table 6 Hotkeys................................................................................................................... 42
Table 7 BBS 1000+ internal and external ports................................................................... 44
Table 8 VLAN ID Handling Mechanism for the four Running Modes .................................. 46
Table 9 Commands to configure running mode .................................................................. 49
Table 10 ASIC System Information Configuration Commands ............................................. 94
Table 11 Typical GE port configuration commands............................................................... 99
Table 12 Typical Layer 2 LAG configuration commands..................................................... 101
Table 13 Interface Range configuration commands ........................................................... 124
Table 14 Typical MAC Address Table configuration commands ......................................... 142
Table 15 Typical ARP configuration commands ................................................................ 149
Table 16 Typical IP Route configuration commands ......................................................... 156
Table 17 Typical port mirroring commands ....................................................................... 163
Table 18 VLAN Assignment in ONU Registration for the Four Running Modes.................. 172
Table 19 VLAN ID Assignment............................................................................................ 172
Table 20 Typical layer 2 VLANconfiguration commands..................................................... 174
Table 21 PON system parameters ..................................................................................... 179
Table 22 Authentication Configuring Commands ................................................................ 181
Table 23 VLAN ID Assignment (Based on a VLAN ID Base of 101) ................................... 182
Table 24 OLT Configuration Commands............................................................................. 191
Table 25 .............................................................................................................................. 197
Table 26 OLT DBA Configuration Parameters ................................................................... 198
Table 27 OLT DBA Configuration Commands .................................................................... 198
Table 28 ONU DBA_SLA Configuring Commangs.............................................................. 201
Table 29 DBA Parameters Configuration ............................................................................ 202
Table 30 ONU Policy Configuring Commands .................................................................... 210
Table 31 Downstream Bandwidth Paramenters ................................................................. 211
Table 32 ONU p2p stream Policy Parameters ................................................................... 214
Table 33 ONU1's DBA-SLA Parameters ............................................................................. 215
Table 34 Case1 of p2p Policy.............................................................................................. 218
Table 37 type and hw-rev value configuration .................................................................. 229
Table 38 ONU100's hardware type ..................................................................................... 231
Table 39 ONU Configuring Commands............................................................................... 234
Table 40 MAC Address Configuration Commands.............................................................. 237
Table 41 Re-authentication Parameter Configuring Commands ......................................... 246
Table 42 Remote Authentication Configuring Commands .................................................. 249
Table 43 Remote Accounting Configuring Commands ....................................................... 273
Table 44 Non-RFC 3164 Syslog Format Description ......................................................... 276
Table 45 Syslog Severity Level Description ........................................................................ 276
Table 46 Syslog Facility Codes ......................................................................................... 277
Table 47 Syslog Configuration Commands ......................................................................... 278
Table 48 RSTP Configuring Commands ............................................................................. 287
Table 49 DHCP Configuring Commands............................................................................. 297
Table 50 DHCP Relay Configuring Commands .................................................................. 311
Table 51 IGMP Snooping Configuring Commands ............................................................. 322
Table 52 IGMP Proxy Configuring Commands ................................................................... 329

22
Table 53 Compare Forwarding and Access mode ...............................................................339

Table 54 ACL Profile related CLI Comands List..................................................................340
Table 55 ACL List related CLI Commands List ...................................................................340
Table 56 ACL Fields related to IP packets ..........................................................................345
Table 57 ACL Fields related to ARP packets ......................................................................346
Table 58 Valid DSCP Rule values based on a DSCP mask of 0x38 ...................................349
Table 59 Valid SIP Rule values based on a SIP mask .......................................................350
Table 60 Valid VLAN rule values based on a VLAN mask ...................................................351
Table 61 Valid DMAC Rule values based on a DMAC range mask .....................................352
Table 62 ACL Rules related to IP packets ...........................................................................353
Table 63 ACL Rules Actions ...............................................................................................353
Table 64 ACL Rules related to ARP packets .......................................................................354
Table 65 BBS 1000+ Default IP Precedence to DSCP Map ................................................379
Table 66 BBS 1000+ Default CoS Priority to Queue Map....................................................380
Table 67 BBS 1000+ Default Queue Scheduler...................................................................380
Table 68 QoS Configuring Commands ................................................................................381
Table 69 User Management Commands .............................................................................386
Table 70 System Files ..........................................................................................................390
Table 71 File Configuring Commands ..................................................................................390
Table 72 Firmware Upgrade Files and Destination Folders .................................................391
Table 73 System Boot Parameters .....................................................................................399

23
LIST OF FIGURES
Figure 1 Serial RJ-45/DB9 RS-232 cable connection ......................................................... 31
Figure 2 HyperTerminal COM port selection ...................................................................... 32
Figure 3 DEBUG Port Communication Parameters ............................................................ 33
Figure 4 Ethernet cable Management port connection ....................................................... 34
Figure 5 BBS 1000+ system interface modules ................................................................. 43
Figure 6 BBS 1000+ back view(DC) .................................................................................. 44
Figure 7 BBS1000+ PON running mode ............................................................................. 44
Figure 8 BBS 1000+ PON Part .......................................................................................... 46
Figure 9 BBS 1000+ Start Up Procedures .......................................................................... 50
Figure 10 Out-Band Management Port ................................................................................. 52
Figure 11 BBS 1000+ L2 switch configuration topology example ........................................ 53
Figure 12 PC1 IP Address Configuration .............................................................................. 59
Figure 13 Configuring BBS 1000+ as a L3 switch ................................................................ 61
Figure 14 PC1 IP Address Configuration .............................................................................. 72
Figure 15 QinQ Application Example Topology .................................................................... 76
Figure 16 FE Port for Out Band Management(DC) .............................................................. 79
Figure 17 In-Band Configuration Topology ........................................................................... 81
Figure 18 PC Gateway Configuration ................................................................................... 86
Figure 19 SNMP Configuring Topology ................................................................................ 87
Figure 20 Netman 4000 OMC-D TopoUI Client window ....................................................... 90
Figure 21 Create NE window ................................................................................................ 91
Figure 22 Traffic Storm Control ........................................................................................... 96
Figure 23 User-isolation example ......................................................................................... 99
Figure 24 Link Aggregation Configuration Topology .......................................................... 103
Figure 25 Using DMAC as Loading-sharing Rule ............................................................... 114
Figure 26 One link case, Rtag is dmac ............................................................................... 117
Figure 27 Two links case , Rtag is dmac ............................................................................ 118
Figure 28 Three links case, Rtag is dmac .......................................................................... 118
Figure 29 Break L1, Two links case, Rtag is dmac ............................................................. 119
Figure 30 Using DIP XOR SIP as Loading-share Rule ....................................................... 120
Figure 31 One link case, Rtag is DIP XOR SIP .................................................................. 122
Figure 32 Two links case, Rtag is DIP XOR SIP ................................................................ 123
Figure 33 Three links case, Rtag is DIP XOR SIP .............................................................. 124
Figure 34 Secondary IP address Application on the Uplink Interface ................................. 127
Figure 35 Secondary IP address Application on a Super SVI ............................................ 127
Figure 36 SVI application uplink backup configuration .................................................... 130
Figure 37 Super SVI example ............................................................................................. 132
Figure 38 L3 Link Aggregation port based on an SVI port .................................................. 135
Figure 39 L3 LAG interface based on a Routed interface .................................................. 138
Figure 40 Static MAC Address Configuration Topology ..................................................... 143
Figure 41 ARP Configuration Topology .............................................................................. 150
Figure 42 Metric Example ................................................................................................... 155
Figure 43 IP Route Topology .............................................................................................. 157
Figure 44 Port Mirror Topology ........................................................................................... 164
Figure 45 VLAN Management ............................................................................................ 170
Figure 46 VLAN Creation Topology .................................................................................... 175
Figure 47 Local ONU Authentication .................................................................................. 183
Figure 48 Discovery Handshak Message Exchange .......................................................... 195
Figure 49 GATE/REPORT Process .................................................................................... 195
Figure 50 OLT&ONU DBA Configuration ........................................................................... 202
Figure 51 p2p Access Mode Topology Example ................................................................ 207
Figure 52 P2P-stream & Upstream Forwarding .................................................................. 209

24
Figure 53 ONU Downstream Policy Configuration ............................................................. 211

Figure 54 P2P Stream Policy Configuration ....................................................................... 214
Figure 55 ONU's status ...................................................................................................... 224
Figure 56 PON Loopback Configuring Topology ................................................................ 224
Figure 57 Remote ONU UpgradeTopology ........................................................................ 230
Figure 58 Configuring PON MAC Address Table .............................................................. 238
Figure 59 802.1x/RADIUS Authentication Process ............................................................ 242
Figure 60 ONU /CLI Remote Athentication, Accounting Process ....................................... 244
Figure 61 RADIUS Server Authentication Topology ........................................................... 250
Figure 62 List RADIUS Directory ....................................................................................... 251
Figure 63 RADIUS Administrator Main Window ................................................................. 251
Figure 64 RADIUS Connection Results .............................................................................. 252
Figure 65 RADIUS RAS Clients Selection .......................................................................... 253
Figure 66 Edit Authentication password ............................................................................. 253
Figure 67 Steel-Belted Radius Configuration (I) ................................................................. 254
Figure 68 RADIUS Users Selection ................................................................................... 254
Figure 69 Add New User .................................................................................................... 255
Figure 70 Enter User Password ......................................................................................... 255
Figure 71 Return List Attributes .......................................................................................... 256
Figure 72 Add New Attribute .............................................................................................. 256
Figure 73 Attributes List ...................................................................................................... 257
Figure 74 Steel-Belted Radius Configuration (II) ............................................................... 257
Figure 75 Modify ONU's username and password ............................................................. 260
Figure 76 RADIUS Server Authentication Topology ........................................................... 261
Figure 77 RADIUS Administrator Main Window ................................................................. 262
Figure 78 RADIUS Connection Results .............................................................................. 263
Figure 79 RADIUS RAS Clients Selection .......................................................................... 263
Figure 80 Edit Authentication password ............................................................................. 264
Figure 81 Steel-Belted Radius Configuration (I) ................................................................. 264
Figure 82 RADIUS Users Selection ................................................................................... 265
Figure 83 Add New User .................................................................................................... 265
Figure 84 Enter User Password ......................................................................................... 266
Figure 85 Return List Attributes .......................................................................................... 266
Figure 86 Add New Attribute .............................................................................................. 266
Figure 87 Add an Attribute .................................................................................................. 267
Figure 88 Steel-Belted Radius Configuration (II) ................................................................ 267
Figure 89 Syslog Configuration Topology .......................................................................... 279
Figure 90 3CDaemon Main Window .................................................................................. 282
Figure 91 Syslog Server Window ....................................................................................... 282
Figure 92 Syslog Configuration Window ............................................................................ 283
Figure 93 Set the Syslog server IP address ....................................................................... 284
Figure 94 Syslog Server window ........................................................................................ 285
Figure 95 RSTP Configuration Topology ............................................................................ 289
Figure 96 DHCP Configuration Example ............................................................................ 299
Figure 97 ONU404-1's WAN Port Configuration ................................................................ 307
Figure 98 ONU404-1s Port Configuration .......................................................................... 308
Figure 99 ONU404-1 VoIP Configuration ........................................................................... 308
Figure 100 DHCP Relay Configuration ................................................................................ 312
Figure 101 DHCP Server: Server Manager ......................................................................... 313
Figure 102 DHCP Server: New Scope (I) ............................................................................ 314
Figure 103 DHCP Server: New Scope (II) ........................................................................... 314
Figure 104 BBS 1000+ Scope's Properties Window ........................................................... 315
Figure 105 Select Option Window ....................................................................................... 315
Figure 106 Select Gateway Window ................................................................................... 316
Figure 107 Configuring Address .......................................................................................... 316

25
Figure 108 Internet Protocol (TCP/IP) Properties ................................................................ 319

Figure 109 IGMP Snooping Configuration ........................................................................... 323
Figure 110 Add Multicast Group .......................................................................................... 325
Figure 111 Initiate the Multicast Join Report ....................................................................... 326
Figure 112 Configure Multicast ............................................................................................ 326
Figure 113 Initiate Multicast Group ...................................................................................... 327
Figure 114 Check WListen Packet Number on PC2 ............................................................ 327
Figure 115 IGMP Proxy Configuration ................................................................................. 328
Figure 116 IGMP Proxy Configuration ................................................................................. 330
Figure 117 Add Multicast Group .......................................................................................... 335
Figure 118 Initiate Multicast Join Report ............................................................................. 335
Figure 119 Configure Multicast ............................................................................................ 336
Figure 120 Initiate Multicast Packets ................................................................................... 336
Figure 121 Check WListen Packet Number ......................................................................... 337
Figure 122 ACL Profile Example ......................................................................................... 343
Figure 123 ACL Field List, Fields and Rules ....................................................................... 344
Figure 124 Configure Topology Example ............................................................................ 358
Figure 125 ACL Topology Example ..................................................................................... 360
Figure 126 Configure ACL for Forwarding packets ............................................................. 368
Figure 127 Traffic Bottlenecks ............................................................................................. 377
Figure 128 802.1 Q Frame .................................................................................................. 378
Figure 129 original ToS Field and DSCP Field .................................................................... 378
Figure 130 QoS Actions ....................................................................................................... 379
Figure 131 Example Network for Configuring QoS .............................................................. 382
Figure 132 Firmware update files on the management PC ................................................. 391
Figure 133 Firmware Upgrade Process Diagram ................................................................ 392
Figure 134 Example Firmware Upgrade Topology .............................................................. 393
Figure 135 3CDaemon Main Window ................................................................................. 394
Figure 136 3CDaemon Configuration ................................................................................. 395
Figure 137 3CDaemon: FTP Server Start Up ...................................................................... 396
Figure 138 Firmware Upgrade Under Abnormal State ........................................................ 400

26

ABOUT THIS GUIDE
This document describes how to operate the GEPON (Gigabit Ethernet Passive
Optical Network) BBS 1000+ system with a basic configuration and lists the CLI
(Command Line Interface) command set. For GEPON System Structure, refer to
GEPON System Overview manual.
This manual corresponds with software version Release 2.32.01.28. Before

configuring check to see that the software shipped corresponds in version
number to this manual. If it does not,please contact UTStarcom's post sale
customers support for appropriate documentation.
The parameters used in the given example are particular to the equipment being
configured in the example. Users need supply the necessary respective value
when configuring their own system.
The software except the BBS 1000+ firmware used in the given example is
provided by the third party and used here for function configuration demo only.
This guide is intended for technical engineers and system administrators who
are responsible for operating and maintaining the GEPON BBS 1000+ system.
Release notes are issued with some products. Visit our websites at
http://support.utstar.com.cn (China Service Center) and
http://support.utstar.com. (other Service Centers) If the information in the
release notes differs from the information in this guide, follow the instructions in
the release notes.
Conventions This guide may contain notices, figures, screen captures, and certain text
conventions..
Table 1 Notice Icon Descriptions
Icon Notice Type Description

Information Note Information that contains important features or
instructions but is not hazard-related.

28 About This Guide
Table 1 Notice Icon Descriptions (continued)
Icon Notice Type Description

Caution or Warning Cautions are preceded with the word Caution. This
type of caution indicates a potentially hazardous
situation which, if not avoided, may result in minor or
moderate injury. It may also alert against unsafe
practices and potential program, data, system, or
device damage.
Warnings are preceded with the word Warning. This
type of warning indicates a potentially hazardous
situation which, if not avoided, could result in death or
serious injury.
Caution or Warning Cautions due to potential electrical hazards are
due to potential preceded with the word Caution. This type of caution
electrical hazard indicates a potential electrical hazard. This hazard, if
not avoided, may result in minor or moderate injury. It
may also alert against unsafe practices and potential
program, data, system, or device damage.
Warnings due to potential electrical hazards are
preceded with the word Warning. This type of warning
indicates a potential electrical hazard. This hazard, if
not avoided, could result in death or serious injury.
ESD Information that indicates proper grounding precautions
are required before handling a product.
Figures and Screen This guide provides figures and screen captures as examples. These examples
Captures contain sample data. This data may vary from the actual data on an installed
system.
Table 2 Text Convention Descriptions
Convention Description
Text represented as a screen This typeface represents text that appears on a terminal
display screen, for example login:.
Text represented as user This typeface represents commands entered by the
entry. user, for example, cd
$HOME.
Text represented as menu, This typeface represents all menu, sub-menu, tab, and field
sub-menu, tab, and field names within procedures, for example:
names
On the File menu, click New.
Text represented by <variable> This typeface represents a required variable, for example:
<filename>
Related For more infornation on GEPON BBS 1000+ Release 2.32.01.028, refer to the
Documentation following documents.
GEPON BBS 1000+ Installation Guide
GEPON BBS 1000+ Release 2.32.01.028 CLI Reference Guide
GEPON BBS 1000+ Release 2.32.01.028 SNMP Reference Guide
GEPON BBS 1000+ Release 2.32.01.028 Alarm Message Guide
Contacting Customer Service 29
GEPON BBS 1000+ Release 2.32.01.028 System Message Guide
Contacting Customer For information about customer service, including support, training, code
Service releases and updates, contracts, and documentation, visit our websites at
http://support.utstar.com.cn (China Service Center) and
http://support.utstar.com (other Service Centers).
Before contacting technical support, have this information available:

Contract number
Product information
Software and hardware versions
Serial numbers
Problem description
Symptoms
Known causes
Trouble locating and clearing attempts
Obtaining Technical UTStarcom maintains a strong global presence, operating Technical Response
Assistance and Service Centers, in the US, Japan, India, China, Ireland, Mexico and Brazil.
These centers are available for technical telephone support to entitled
customers during normal business hours. After hours support is available to
customers who purchase a premium Service Agreement.
Support Website The UTStarcom Support website provides a variety of tools to assist customers
in resolving technical issues on UTStarcom products. The UTStarcom Support
website is available 24 hours per day. Customer registration is required. Certain
premium features require a valid Service Agreement.
Warranty Support UTStarcom provides its customers warranty support per the terms of the
UTStarcom Warranty Statement for their equipment. Customers who require
warranty support should contact the UTStarcom Service Center that serves their
territory.
Contact details for the China Service Center can be found at

http://support.utstar.com.cn
Contact details for all other Service Centers can be found at

http://support.utstar.com
Contacting Technical To provide comments on this documentation, send an e-mail to:

Documentation techdoc.feedback@utstar.com along with the name and part number of the
guide being referenced. If applicable, include the chapter and page number as
well.
COMMAND LINE INTERFACE
1
Network management can be performed using several different management
interfaces such as those listed below:
SNMP Management
Command Line Interface (CLI) based Management
This manual introduces the GEPON BBS 1000+ system's CLI network
management features.
In the initial BBS 1000+ setup stage, two methods are provided for logging in to
the system using CLI-based management:
Terminal Emulation using the DEBUG port (RJ-45 connector)
Telnet using the Management port (RJ-45 connector)
Using Terminal When using terminal emulation to access the BBS 1000+ system, the PC's
Emulation to login to serial RS-232 COM port is connected to the BBS 1000+'s DEBUG port. Follow
BBS 1000+ the steps below to connect a PC to the BBS 1000+ system:
1 Use a RJ-45/DB9 RS-232 serial cable. Connect the DB-9 connector to a vacant
serial RS-232 COM port on the PC, and the RJ-45 connector to the BBS
1000+'s DEBUG port, as shown in the figure below:
Figure 1 Serial RJ-45/DB9 RS-232 cable connection
Part Number L2 CO00 2321 06 15 00 GEPON OLT OLT BBS 1000+

32 Chapter 1: Command Line Interface
2 Start a terminal emulation program, in this example, Windows HyperTerminal is

used.
3 From the HyperTerminal main menu, select [File->Properties]. The New
Connection Properties dialog box will be opened on the computer screen.
Figure 2 HyperTerminal COM port selection
4 From the Connect using drop-down list, select the COM port corresponding
with the cable connection made in Step 1.
5 Click <Configure> to display the COMx Properties dialog box.
GEPON OLT OLT BBS 1000+ Part Number L2 CO00 2321 06 15 00

Using Terminal Emulation to login to BBS 1000+ 33
Figure 3 DEBUG Port Communication Parameters
6 Set the communication parameters to the following values:

Bits Per Second: 115200bps
Data Bits: 8
Parity: None
Stop Bits: 1
Flow Control: None
7 Click <OK> to complete set up.

On successful completion of cable and terminal communication parameters
setup, the system will prompt you for the Username and Password.
Username:
Password:
The default system administrator username and password are: admin and
admin.
8 Enter the username and password.
After logging onto the BBS 1000+ successfully, the following command prompt
is displayed.
BBS1000+>

Using telnet to login to When using Telnet to access the BBS 1000+ system, the PC network card's
BBS 1000+ (RJ-45) connector is connected to the BBS 1000+'s Management port (RJ-45).
Follow the steps below to connect a PC to the BBS 1000+ system:
1 Use an Ethernet cable with RJ-45 connectors on both ends to connect the BBS
1000+ Management port with the PC's network card.
Figure 4 Ethernet cable Management port connection
The BBS 1000+ management port supports Auto-MDIX, so either a

straight-through or crossover cable can be used.
2 Configure the PC's static IP address to be in the same subnet as the default
BBS 1000+ Management port IP address(172.18.36.207).[Example:
172.18.36.100]
3 From the Windows Start menu, select [Start->Run]. Enter the following
command:
C:\ telnet 172.18.36.207
172.18.36.207 is the default Management port IP address.
4 After establishing the connection with BBS1000+, the system will prompt you to
enter the username and password.
Username:
Password:
For BBS 1000+, the default administrator user name and password are both
"admin". The user name and password for guests (with read-only access) are
both "guest".
If the user enters an incorrect Username and Password six times in a row,
the telnet connection will be terminated.
5 Enter the username and password.
Upon successful login, the following system prompt is displayed.

Login Session 35
telnet@BBS1000+>
This prompt indicates that the user is at the first command mode interface; the
EXEC level.
Depending on the particular user account privileges, different CLI command
mode can be accessed.
For more information on user account privilege, refer to section "CLI
Command Mode".
Login Session The BBS 1000+ system supports up to four concurrent Telnet sessions when a
console session is also active, or five when a console session is inactive.
The idle session timeout is set to 30 minutes by default. When a session has
been idle for 30 minutes, the user will automatically be logged out.
Modify idle timeout, follow the steps below:

1 When users with "admin" privileges first login they are at the EXEC level. Use
the following command to enter the Privileged EXEC command mode.
telnet@BBS1000+> enable
At the Privileged EXEC command mode the system prompt changes to the
following:
telnet@BBS1000+#
2 Use the following command to enter the Management Configuration command

mode.
telnet@BBS1000+# configure management
At the Management Configuration command mode the system prompt

changes to the following:
telnet@BBS1000+(config-mgmt)#
3 Type the following command to set the idle session timeout to one hour.
telnet@BBS1000+(config-mgmt)# system timeout 3600
The timeout range is 60 to 3600 seconds.
4 Type save on the command prompt to save the new configuration

telnet@BBS1000+(config-mgmt)# save
After entering the save command, the configuration information is saved in the
BBS 1000+'s Flash memory. It normally takes several seconds before the
configuration is saved. On successful saving the telnet will display the following
message to indicate that the timeout configuration was successful.

Logout the BBS 1000+ There are two different CLI logouts types: Manual Logout and Timeout.
Manual Logout
At any command mode, type the logout command to terminate the current
CLI connection.
For example, if the current command mode is Configure Management, the
user enter the logout command to exit BBS 1000+ system.
Use the following command to logout of the system.
telnet@BBS1000+(config-mgmt)# logout
The following system message will be displayed:

Connection to host lost.
Time-out
A time-out occurs when the user account has been idle for the configured
Idle Timeout period.
For example, if the current command mode is Configure Management,
when the idle time reaches the configured timeout value, the session is
terminated by the system automatically. In this situation the following system
message is displayed:
telnet@BBS1000+(config-mgmt)# Log out by the system
CLI Command Mode The BBS 1000+ CLI utilizes a layered command architecture referred to as
command modes. Each of these command modes provide a subset of CLI
commands. The CLI commands available depends on which command mode is
currently activated.
When the users first logs in they are at the basic user mode, called the EXEC
command mode. In order to access higher level command modes, a password
must be entered. The command modes including their access methods and
related command privileges are described below.
EXEC This command mode allows users to view basic system information and verify
connectivity, but configuration changes are not allowed.
Access Method: At initial user login the user is at the EXEC command mode.
System Prompt: BBS1000+>
Privileged EXEC Besides allowing user access to all of the EXEC command mode commands,
configuration commands that do not require saving, are also permitted. At the
Privileged EXEC command mode, access to the system configuration file is
prohibited.

CLI Command Mode 37
Access Method: From the EXEC prompt "BBS1000+>", enter the command
enable. If the configuration "enable password" is set, the user will be
prompted to enter the Privileged EXEC password.
System Prompt: BBS1000+#
Configure Management From this command mode general management functions can be performed,
such as creating user accounts, password modification, IP address
configuration, file system functions, updating the Boot ROM image, log
management configuration, system re-boot and Access Control List (ACL)
management.
Access Method: From the Privileged EXEC prompt "BBS1000+#", enter the
configure management command.
System Prompt: BBS1000+(config-mgmt)#
Configure Terminal This command mode allows users to make device configuration changes.
These changes can be saved to the BBS 1000+'s flash memory and will be
activated on the next system boot-up. The root level Configure Terminal
command mode, Global Configuration command mode, contains sub-levels
for individual ports, VLANs, and other configuration areas.
Global Configuration
Access Method: From the Privileged EXEC prompt "BBS1000+#", enter the
config terminal command.
System Prompt: BBS1000+(config-t)#
OLT Interface Configuration

OLT Configuration: This command mode is for configuration of specific OLT
parameters on a port-by-port basis.
Access Method: From the Global Configuration prompt "BBS1000+(config-t)#",

enter the interface epon-olt <module/port> command.
Example: BBS1000+(config-t)# interface epon-olt 2/1
System Prompt: BBS1000+(config-t-if-olt-2/1)#
In the system prompt shown above, "2/1" represents OLT module 2 port 1, these
numbers may be different depending on which module/port is accessed.
ONU Configuration
ONU Configuration: ONU Configuration is a sub-mode of the OLT
Configuration command mode. It is used for configuring of ONU logical port
parameters.

Access Method: From the OLT Configuration prompt

"BBS1000+(config-t-if-olt-<module/port>)#", enter the onu <logical ONU port
ID> command.
Example: BBS1000+(config-t-if-olt-2/4)# onu 31
System Prompt: BBS1000+(config-t-if-onu-2/4/31)#
In the system prompt shown above, "2/4/31" represents OLT module 2, port 4
and ONU logical port 31 , these numbers may be different depending on which
module/port is accessed.
Some CLI command modes are listed in the table below:

Table 3 CLI Command Modes
CLI
Command Access From/
Mode Parent Mode Access Command Prompt Functions
EXEC Telnet or NA (system login) BBS1000+> Allows the user to view
Terminal basic system information
Emulation and verify connectivity,
e.g. ping
Privileged EXEC enable BBS1000+# All EXEC mode
EXEC Command (optional: password) commands and
Mode configuration commands
that do not require saving,
are also permitted.
Debug EXEC debug BBS1000+(debug)# Use debug commands for
Command troubleshooting specific
Mode problems or during
troubleshooting sessions
with UTStarcom technical
support staff
Management Privileged configure management BBS1000+(config-mgmt)# Configuration of
Configuration EXEC BBS1000+ global
Command parameters
Mode
Terminal Privileged configure terminal BBS1000+(config-t)# Configuration of PON
Configuration EXEC global parameters
(Global) Command
Mode
OLT Interface Terminal interface epon-olt module/port BBS1000+(config-t-if-olt-1/1) Configuration of OLT
Configuration Configuration # parameters
(Global)
["1/1" represents the OLT
module and port numbers;
actual values may differ]
n
ONU OLT Interface onu Lport ID BBS1000+(config-if-onu-1/1/ Configuration of ONU
Configuration 1)# parameters
Configuration
["1/1/1" represents the OLT
module, OLT port & logical
ONU port numbers; actual
values may differ]

CLI Access Level 39
Table 3 CLI Command Modes (continued)
CLI
Command Access From/
Mode Parent Mode Access Command Prompt Functions
Gigabit Terminal interface giga-ethernet module/port BBS1000+(config-t-if-ge-1/1) Configuration of
Interface Configuration # Gigabit-Ethernet
(Global) parameters
Configuration ["1/1" represents the BBS
module and GE port
numbers; actual values may
differ]
Link Terminal interface link-aggregation LinkID BBS1000+(config-t-if-lg-1)# Configuration of Link
Aggregation Configuration Aggregation parameters
Interface (Global) ["1" represents the LAG ID]
Configuration
Interface Terminal interface range RangeID BBS1000+(config-t-if-range-g Configuration of range
Range Configuration e2/1-3)# parameters
(Global)
Configuration ["ge2/1-3" represents GE
module 2 ports 1-3]
Loopback Terminal interface loopback LoopID BBS1000+(config-t-if-lpb-1)# Configuration of Loopback
Interface ["1" represents the loopback Interface parameters
Configuration ID]
Configuration
VLAN Terminal interface vlan vlanID BBS1000+(config-t-vlan-333) Configuration of VLAN
Interface Configuration # parameters
(Global)
Configuration ["333" represents the VLAN
ID]
DHCP Terminal ip dhcp pool name BBS1000+(config-t-DHCP)# Configuration of DHCP
Configuration parameters
Configuration (Global)
ONU Upgrade Terminal onu-upgrade BBS1000+(config-t-onu-ugp) Configuration of ONU
Configuration Configuration # upgrading parameters
(Global)
CLI Access Level Each CLI command has an access level of 0, 1, 2, or 10. The CLI access levels
are described below:
Access Level:
0 Read-only user: Configuration information can only be read.
1 Port-level user: The user has port level configuration read/write access, but
is not permitted to modify the system configuration.
2 Power user: The user can control the entire system excluding the
configuration of other login accounts.
10 Administrator: The user can control the entire system, including the
configuration of other login accounts.

CLI Syntax A CLI command includes the command itself and other mandatory and/or
Conventions optional keywords and parameters. This document uses the following CLI
syntax conventions:
Table 4 CLI Syntax Convention Description
Type Face
or Symbol Description
Boldface Characters in bold typeface represent a command or key word.
Italics Italics represent a variable or placeholder for a user supplied
parameter. In situations where italics are not appropriate, the
variable is enclosed in angle brackets (< >).
Plain text Plain text represents the screen display or system prompt.
<placeholder> Text enclosed in angle brackets (< >) indicate a variable or
placeholder supplied by the user when italics cannot be used.
[optional] Square brackets ([ ]) indicate optional keywords or parameters. For
optional multiple choice keywords, individual keywords are
separated by a vertical bar "|"
{x | y | z} Braces ({ }) indicate a required keyword choice. Individual keywords
are separated by a vertical bar "|"
Syntax Example 1:
BBS1000+(config-t)# mac-address-table static mac-address vlan vlanid
interface <interfaceType> <interfaceID>
Syntax Example 2:
BBS1000+(config-mgmt)# snmp-server community-string {ro|rw}
{enable|disable}
In example 1, "BBS1000+(config-t)#" is the system prompt;
"static-mac-address" is the CLI command; "mac-addr, vlanid and portnum" are
required user supplied values; "vlan and port" are required keywords; "cos
value" is an optional keyword and user supplied value.
In example 2, "BBS1000+(config-mgmt)#" is the system prompt;

"snmp-server" is the CLI command; "community-string" is a user supplied
value; "ro|rw" are "enable|disable" are required keyword choices.
CLI Command Help The BBS 1000+ CLI provides various help and shortcut keys. The table below
lists the main shortcuts and methods for obtaining help within CLI.
Table 5 Shortcuts for obtaining help within CLI"
Method Function
Type "?" in any CLI command mode All available commands in the present
command mode are displayed.
Partial command entry + "?" All commands beginning with the text
entered are displayed. (Do not enter a space
before the question mark.)

Hotkey 41
Table 5 Shortcuts for obtaining help within CLI"
Command + <space> + "?" The complete syntax and brief description of

the command is displayed.
Partial command entry + <tab> The system automatically completes the
command or keyword.
If the input command and/or keyword is not Then the system will execute this partial
completed, but its length is long enough for command, which is the same as the
the system to recognize the command complete command.
Type "tree" in any CLI command mode All available commands in the present
command mode are displayed in tree format.
"Ctrl-P" or the up arrow key Invoke a previously issued command. The
last 20 commands are available.
History Enter history to display the last 30
commands issued.
Example 1:
Command: BBS1000+> ?
Enable- Turn on privileged commands

login - Log in as a particular user
cls - Clear the screen
exit - Exit intermediate mode
help - Description of the interactive help system
history - Show command history
logout - Log off this system
set - Set
show - Show running system information
tree - Show command tree
who - Display users currently logged in
BBS1000+>
Example 2:
Command: BBS1000+(config-t)#po?
pon-sys
BBS1000+(config-t)#pon-sys
Example 3:
Command: BBS1000+# configure t + <Tab>
BBS 1000+# configure terminal
Hotkey

Table 6 Hotkeys
Hotkey Function
Ctrl-Z The command entered before pressing the hotkey will be
issued and the command mode will return to EXEC
command mode. If no command is entered, present
command mode state returns to the EXEC command
mode.
Ctrl-B, left arrow Move the cursor left without deleting characters
Ctrl-F, right arrow Move the cursor right until reaching the end of the line
Ctrl-E Move the cursor to the end of the line
Esc-B Move the cursor back one word
Esc-F Move the cursor forward one word
Backspace Move the cursor left deleting the previous character
Ctrl-D Delete the character at the present cursor position
Ctrl-U Delete text up to the cursor
Ctrl-K Delete text after the cursor
Ctrl-A Move the cursor to the beginning of the line
Esc-D Delete remainder of word
Ctrl-W Delete word up to the cursor
Ctrl-P Get prior command history
Ctrl-N Get next command history
Up arrow Review command history one at a time
Down arrow View next command until reaching the current command
Ctrl-T Transpose current and previous character

BEFORE SYSTEM CONFIGURATION
2
In order to understand the start up tasks in chapter 3, the following introduction
is listed below:
BBS 1000+ System Hardware
BBS 1000+ PON Running Modes
BBS 1000+ Start Up Procedures
BBS 1000+ System Figure 5 BBS 1000+ system interface modules

Hardware
BBS 1000+ has 1 Gigabit Switch Module (GSM) and one or two Line Terminal
Modules (LTM). There are 12 Gigabit Ethernet switch ports on the GSM module.
Four of these GE ports (GE3/1-GE3/4) provide BBS 1000+'s four uplink ports.
The other 8 GE ports (GE1/1-GE1/4 and GE2/1-GE2/4) are the internal
downlink ports connected to two LTM modules. Modules LTM1 and LTM2
provide the BBS 1000+ system with eight external downlink ports. The four ports
of the LTM1 module on the right are named OLT1/1 to OLT1/4. The ports of the
LTM2 module on the left are named OLT2/1 to OLT2/4.

44 Chapter 2: Before System Configuration
Table 7 BBS 1000+ internal and external ports
Port Type Port Name Abbreviated Name Ethernet/PON port

Uplink GE port GE3/1-GE3/4 Uplink port Gigabit Ethernet(GE) port; L2 switch
port
Downlink GE port GE1/1-GE1/4 NA
and GE2/1-GE2/4
Downlink OLT port OLT1/1-OLT1/4 Downlink port PON port
and OLT2/1-OLT2/4
Figure 6 BBS 1000+ back view(DC)
There are four uplink ports and eight downlink ports on the BBS 1000+ back.
BBS 1000+ PON BBS 1000+ supports PON running mode which includes system running mode,
Running Mode PON port mode and ONU running mode, refer to the figure below.
Figure 7 BBS1000+ PON running mode

BBS 1000+ PON Running Mode 45
System running mode

It includs Unique-tag mode and Mixed-tag mode.
Unique-tag mode
All successfully registered ONUs are automatically assigned to different
VLANs. After passing OLT, downstream data is marked untagged.
Mixed-tag Mode
This system running mode includes two PON port modes which are
Transparent mode and Stck-tag mode.
PON port Mode
Transparent mode
All successfully registered ONUs are automatically assigned to a default
VLAN(VLAN ID=0). OLT will not do any tag manipulation and ONU is not
associated to any specific tag.
Stack-tag mode
All successfully registered ONUs are assigned a default VLAN(VLAN ID=1).
After passing OLT port, tag will be added to upstream untagged packets,
VLAN tag is removed from downstream tagged packets with tag equal to
'stacked tag
QinQ tag handling mode
All successfully registered ONUs are assigned a default VLAN(VLAN
ID=1). In addition to customer's VLAN tag, a service provider's VLAN tag
is added to a packet sent upstream and removed from a packet sent
downstream. This is also called double tag mode.
QinQ mode could only be configured when the system is in mixed-tag
mode and the PON port is in stack-tag mode. Under the same OLT PON
port, different ONU could be configured as QinQ mode or non-QinQ
mode.
"stack-tag" mode and "transparent" mode would be based on PON port, and
"QinQ" mode would be based on ONU.
In Unique-tag system running mode, vlan-mode per PON port and QinQ per
ONU configurations could not be configured. PON running mode for port and
ONU are all fixed.
Tag Handling in Different The VLAN handling mechanism for downstream/upstream data through BBS
Running Mode 1000+ system's PON part are different for different running mode. For the
composition of BBS 1000+ PON part, please refer to Figure 8

For detailed information about the PON part, please refer to Table 8.
Figure 8 BBS 1000+ PON Part
Table 8 VLAN ID Handling Mechanism for the four Running Modes
Unique tag handling mode Match native tag Not match native tag
Unicast/ Upstream Tagged Keep tag Discard
Multicast/
Untagged Add native tag
Broardcast
Downstream Tagged Remove tag Discard
Untagged Discard
Transparent tag handling mode Match native tag Not match native tag
Unicast/ Upstream Tagged Keep tag Keep tag
Multicast/
Untagged Keep untagged
Broardcast
Downstream Tagged Keep tag Keep tag
Stack tag handling mode Match native tag Not match native tag
Unicast/ Upstream Tagged Keep tag Keep tag
Multicast/
Broardcast
Downstream Tagged Remove tag Keep tag
QinQ tag handling mode Match native tag Not match native tag
unicast/multicast/bo Upstream Tagged Add native tag Add native tag
ardcast
Downstream Tagged Remove tag Remove tag
untagged Keep untag
Updating the Running The default running mode of the BBS 1000+ system is Transparent mode under
Mode Mixed-tag mode. The user can modify the system running mode at the
Configure Management level and can modify the vlan mode at the PON port
as well as can configure ONU mode per ONU.

After modifying BBS 1000+'s running mode, you must save the configuration
and reboot the system, as shown in the example below.
For Example:
1 Display the current system configured running mode.

Username:admin
Password:
telnet@BBS1000+# show system
describion :[ePON]
sysName :BBS1000+
Location :1275 Harbor Bay Parkway, Alameda, CA 94502,
Tel:1(510)864-8800
Contact :John Smith
Device Id :abcdefghijklmnopqrstuvwxyzabcd
Up Time :[1 days 16h:58m:52s]
CLI Timeout :900 seconds
Inband TTL :128
Outband TTL :128
Management from ONU:disabled
System mode : mixed-tag
BPDU Flood : disable
CPU manufacturer: freescale
CPU type : MPC8250
Memory size : 128M-Byte
Flash size : 16M-Byte
Switch buffer : 1M-Byte
telnet@BBS1000+#
2 Configure system running mode in Unique-tag Mode

telnet@BBS1000+#
telnet@BBS1000+(config-mgmt)# system running-mode
mixed-tag - Application or ISP mode Per OLT and

QinQ mode per ONU
unique-tag - Unique tag handling mode.
telnet@BBS1000+(config-mgmt)# system running-mode unique-tag
Warning: save and reboot system to take effect for system

running mode modification!
telnet@BBS1000+(config-mgmt)# reboot
Are you sure to reboot system? (y/n)y

rebooting...
3 Configure system running mode in Mixed-tag Mode

telnet@BBS1000+(config-mgmt)# system running-mode mixed-tag
Warning: save and reboot system to take effect for system

running mode modification!
rebooting...
4 Configure vlan mode to stack-tag in Mixed-tag mode

telnet@BBS1000+(config-mgmt)#exit
telnet@BBS1000+# configure terminal
telnet@BBS1000+(config-t)# interface epon-olt 1/1
telnet@BBS1000+(config-t-if-olt-1/1)# vlan-mode
stack-tag -Tag will be added to untagged frames,

VLAN tag is removed from downlink tagged frames with tag equal
to 'Stacked tag'
transparent -Frames are passed unchanged
bi-direction
telnet@BBS1000+(config-t-if-olt-1/1)# vlan-mode stack-tag
5 Configure ONU1 connected to epon-olt 1/1 to QinQ mode

telnet@BBS1000+(config-t-if-olt-1/1)# QinQ
<ASCII String> - ONU list, e.g. 1,3,6-9 String up to

64 chars
telnet@BBS1000+(config-t-if-olt-1/1)# QinQ 1
telnet@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt

1/1 onu vlan
OLT LPort vlan-mode VID TPID broadcast_mac_add

----------------------------------------------------------
1/1 1 stack-tag QinQ 1 8100 N
telnet@BBS1000+(config-t-if-olt-1/1)#
6 Set the system's working mode as default and reboot the BBS 1000+ system.
telnet@BBS1000+(config-mgmt)# set factory default

rebooting...
Running mode
Configuring related
Commands
Table 9 Commands to configure running mode
Configuration Task CLI Command

Enter the Configure Management command mode.
BBS1000+(config)# configure management
BBS1000+(config-mgmt)#
Configure BBS1000+'s running mode. system running-mode {unique-tag|mixed-tag }
telnet@BBS1000+(config-t-if-olt-1/1)# vlan-mode vlan-mode {stack-tag|transparent}
telnet@BBS1000+(config-t-if-olt-1/1)# [no]QinQ 1
Set BBS 1000+'s configuration as factory default. set factory default
Save the running configuration. save
Reboot the BBS 1000+ system. reboot
Related Show Commands
Display BBS 1000+ system information, which includes system show system
running mode.
Display BBS 1000+ running configuration, which includes vlan show configuration running
mode.
Display BBS 1000+ ONU running mode and vlan ID show interface epon-olt onu vlan

BBS 1000+ Start Up Figure 9 BBS 1000+ Start Up Procedures

Procedures

STARTING UP BBS 1000+ SYSTEM
3
This chapter gives some configuration tasks which should be performed before
system operation or other service configuration.
The tasks involved in starting up the BBS 1000+ System include:

L2 switch configuration
L3 switch configuration
Setting up BBS 1000+ Before configuring BBS 1000+ as a L2 switch, the following concepts should be
as a L2 switch noted:
1 ONU Lport (Logical Port) Assignment
2 ONU Registration Process
3 In-Band and Out-Band Management
4 ICMP/ARP
ONU Lport (Logical Port) Each of the BBS1000+'s downlink ports, referred to hereafter as PON ports, can
Assignment connect with up to 64 ONUs. Since these 64 ONUs are connected to the same
physical PON port, the individual ONUs are assigned to one of the PON port's
64 logical ports (lports). For assigning ONU and PON port connections, the
BBS1000+ system uses a binding table. The table sets a mapping relationship
between ONU MAC addresses and individual lports. The binding table is user
defined, enabling the lports to be assigned statically.
When lport binding is activated (by default), as each ONU is registered it is

assigned to a specific lport number. This lport number is specified in the binding
table based on the ONU's MAC address.
When lport binding is deactivated, as each ONU is registered it is assigned the

lowest available lport number. For example, the first ONU to be registered on a
PON port is assigned lport number "1". If this ONU goes offline and other ONUs
are registered in the meantime, then when this ONU comes back online it will be
given another lport number (the next lowest available lport number).
To facilitate ONU maintenance especially in regards to VLAN assignment, lport

binding is recommended .

52 Chapter 3: Starting up BBS 1000+ System
ONU Registration By default, Logical Port (lport) to MAC address binding is enabled.
Process
When an ONU is connected to the BBS1000+ and powered on, it goes through
the following registration process:
1 The OLT assigns the ONU a Logical Link ID (LLID).
2 The pre-configured lport number is obtained from the binding table.
3 This lport number is assigned to the ONU.
4 The VLAN ID and other attributes are assigned to the ONU.
For a list of other attributes assigned in step 4 above, refer to Return List on the
Radius Server on page 248.
In-Band and Out-Band Through In-Band management an administrator has remote management
Management access to the BBS 1000+ system. In-Band management can be performed via
the BBS 1000+'s Uplink ports (GE3/1-4) or via ONUs which connect to BBS
1000+'s Downlink ports(GE1-2/1-4).
Out-Band management can be performed locally through the BBS 1000+

Management Port (10/100M Ethernet). For network security this port is in the
DMZ (Demilitarized Zone. On BBS 1000+, the Management port is shown in
Figure 10.
Figure 10 Out-Band Management Port
ICMP/ARP BBS 1000+ supports ICMP(Internet Control Message Protocol) and

ARP(Address Resolution Protocol).
From BBS 1000+ the remote device can be pinged to validate the connection
and routing.
BBS 1000+ supports pinging out from the In-Band interface only.
Configuring BBS 1000+ Application Description

as a L2 Switch In configuring BBS 1000+ as an L2 switch, VLAN planning should be preformed
in advance. In this example topology, VLAN ID 101 is used for the system. The
uplink BBS 1000+ GE port which is connected to a PC must be an untagged
member of this service VLAN.

Setting up BBS 1000+ as a L2 switch 53
Perform the tasks below to configure BBS 1000+ as a L2 switch for untagged
downstream and untagged upstream traffic.
In the following example the PCs connected to the ONU and BBS 1000+ receive
their IP addresses statically.
To simplify the following example the PC addresses are assigned statically.

However, in a typical network configuration, the PC's can also be assigned IP
addresses dynamically via DHCP or PPPoE.
Example Topology
Figure 11 BBS 1000+ L2 switch configuration topology example
The simplified topology shown above is used to describe L2 Switch

configuration with regards to tagged and untagged traffic modes. The OLT1
module's OLT1/1 downlink ports are connected to a PC via an ONU. The BBS
1000+ uplink port (GE3/1) is connected to another PC.
In this example, the BBS 1000+ default lport binding function is enabled.
ONU1's MAC address is bound to GE1/1's lport 1
To enable communication between the PC and the BBS 1000+'s Uplink port
(GE3/1), the uplink port must be a member of the ONU's VLAN. In the example

above, BBS 1000+'s GE3/1 uplink port must be a member of VLAN 101 to
enable communications with PC1.
To ensure that the BBS 1000+'s L2 switch is functioning properly, the connection
between the PC2 and the PC1 must be checked. It can be tested by pinging
from the PC1 to the PC2 or vice versa.
Configuration Requirements
The following example can work in three modes, but only step 6 is given for
different three modes, other steps assume that BBS1000+ is running in
Stack-tag mode.
Configuration Tasks The general tasks involved in configuring the BBS 1000+ L2 switch are given
below. After this task overview, detailed steps are described for each task, using
the topology example in Figure 11.
1 Reconfigure the Management port IP address
2 Login to BBS 1000+ via the management port
3 Configure the ONU's MAC and PON's lport binding
4 Activate the OLT port and the lport binding
5 Verify the OLT and ONUs configuration
6 Configure the servie VLAN for GE3/1and GE1/1
Configure the service VLAN for GE3/1 in Unique-tag Mode
Configure the service VLAN for GE3/1& GE1/1 in Stack-tag Mode
Configure the service VLAN for GE3/1 & GE1/1 in Transparent Mode
7 Perform a connection test
Reconfigure the Management port IP address

1 Login to BBS 1000+ as admin.
2 Enter the CONFIG Management command mode.
telnet@BBS1000+>enable
3 Configure the Management port's (Out-Band management) IP address.

BBS1000+(config-mgmt)#out-band interface fast-ethernet ip
address 192.168.103.227 255.255.255.0
Login to BBS 1000+ via the management port

Before performing the following operation, refer to " Using telnet to login to BBS
1000+" on page 34.

4 Enter the following command to remotely connect to the BBS 1000+ system.
c:\> telnet 192.168.103.227
After the connection is established with BBS 1000+, the following prompt will be
displayed on the screen:
Username:
Pasword:
If this system prompt is not displayed, check the network connection.
5 Enter the user name and password:

Login: admin
Password:*****
telnet@BBS1000+>
Configure the ONU's MAC and PON's lport binding

There are 64 lports in each OLT downlink port (OLT1/1-4, OLT2/1-4), ONUs
connected to the same OLT downlink port can be bound to any one of the lports.
However in actual field deployment, VLANs are carefully planned according to
network requirements. Since the VLAN ID is based on the lport assignment, the
ONU's lport number can be derived from the planned VLAN ID. In this example,
ONU1 is in VLAN 101 therefore its logical port should be lport1 of GE1/1.
1 Enter the CONFIG Terminal command mode.

telnet@BBS1000+(config-t)#
2 Enter the OLT port configuration command mode.

3 Since ONU1 is assigned lport 1, enter the OLT lport 1 configuration command
mode.
In the following command "onu 1" is the same as OLT 1/1's lport 1. To assign
the ONU lport 5, the command would be "onu 5".
telnet@BBS1000+(config-t-if-olt-1/1)# onu 1
telnet@BBS1000+(config-if-onu-1/1/1)#
4 Now from inside lport 1's configuration command mode, bind ONU1's MAC
address with this lport (lport 1).
The ONU's MAC address can be found on a label on the ONU's bottom
cover.
telnet@BBS1000+(config-if-onu-1/1/1)# dba-sla mac
00:07:ba:34:bd:e7
5 Return to the CONFIG Terminal command mode by entering the exit command
twice.
telnet@BBS1000+(config-if-onu-1/1/1)# exit
telnet@BBS1000+(config-t-if-olt-1/1)# exit
When the communication between ONU and OLT is normal, the CLI
command show interface epon-olt 1/1 mac-address-table can be used to
obtain the ONU's MAC address.
Activate the OLT port and the lport binding
1 Enter the following command to enter port OLT1/1's configuration command
mode.
2 The OLT port is in the shutdown state by default, enter the following command
to activate the OLT port..
telnet@BBS1000+(config-t-if-olt-1/1)# no shutdown
Upon the OLT port activation, the connected ONU will be registered
automatically and the lport is bound to the ONU's MAC address.
3 Return to the CONFIG Terminal command mode.

Verify the OLT and ONUs configuration

1 Check the ONU's registration status on the OLT1/1.
telnet@BBS1000+(config-t)# show interface epon-olt 1/1 brief
OLT state admin phy mac Num of transceiver

Hardware Firmware
id state state addr onu type version
version
-----------------------------------------------------------------------------------
1/1 Running Enabled present 00:e0:8e:88:00:01 1 SFP -FIBERXON INC.
0x50010003 0x20009

2 Check ONU's registration information.

telnet@BBS1000+(config-t)# show interface epon-olt 1/1 onu
summary
OLT = 1/1, Logical port = 1, ONU id=1, LLID[0]=1

Name = ONU-1
Internal state = Running, admin state = Enabled
Registered state = Registered, authentication state =
authorized
ONU vlan id = 1
ONU mac address = 00:07:ba:34:bd:e7
User ID = onu_1
RTT TQ = 0
Framed IP Address = 0.0.0.0
Framed Netmask = 0.0.0.0
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
Multicast filtering = enable
P2p-access policing = disable
P2p-access port_number = 63
P2p-access port bitmap[1-32][33-64]:[0xffffffff][0xffffffff]
Hardware type = ONU100
Hardware version = 0
Firmware version = 02.01.20
Bootloader version = 02.01.10
Configure the service VLAN for GE3/1 in Unique-tag Mode

1 Add GE3/1 as untagged member of VLAN 101.
telnet@BBS1000+(config-t-vlan-101)# member ge3/1 untagged
telnet@BBS1000+(config-t-vlan-101)# pvid ge3/1
telnet@BBS1000+(config-t-vlan-101)#
In this example, ge3/1should be untagged member of VLAN 101 and ge1/1 is

pre-configured as tagged member of VLAN 101.
2 Check VLAN 101's configuration information.
telnet@BBS1000+(config-t-vlan-101)# show vlan 101
VLAN 101:
Name :PON 1
port(s) or group(s) :ge1/1,ge3/1
Tagged port(s) or group(s) :ge1/1
Untagged port(s) or group(s) :ge3/1

telnet@BBS1000+(config-t-vlan-101)# exit
Configure the service VLAN for GE3/1& GE1/1 in Stack-tag Mode

1 Create VLAN 101.
telnet@BBS1000+(config-t)# vlan 101
2 Add GE3/1,GE1/1 as VLAN 101 members.

In this example, ge3/1 should be untagged member of VLAN 101.ge1/1

should be tagged member of VLAN 101.
VLAN 101:
Name :PON 1
Tagged port(s) or group(s) :
Untagged port(s) or group(s) :ge1/1,ge3/1
5 Configure ONU-vlan of the ONU connected to OLT1/1

telnet@BBS1000+(config-t-if-olt-1/1)# onu-vlan 1 101
Changed Vlan tag for ONU 1 to 101
In this example, ONU vlan id should be 101
Configure the service VLAN for GE3/1 & GE1/1 in Transparent Mode
1 Create VLAN 101.
2 Add GE3/1,GE1/1 as VLAN 101 members.

In this example, ge3/1 should be an untagged member of VLAN 101 and

ge1/1 should be a tagged member for VLAN 101.


VLAN 20:
Name :PON 1
Untagged port(s) or group(s) :ge3/1, ge1/1

Perform a connection test

To verify the L2 switch configuration, a ping test is performed from PC2 to PC1.
1 On PC1 assign an IP address in the10.0.0.X subnet; in this example 10.0.0.100
is used.
Figure 12 PC1 IP Address Configuration
2 On PC2 assign an IP address still in the 10.0.0.X subnet; in this example

10.0.0.101 is used.

3 From PC1 ping PC2

C:\ >ping 10.0.0.101
Pinging 10.0.0.101 with 32 bytes of data:

Reply from 10.0.0.101: bytes=32 time<10ms TTL=128
Ping statistics for 10.0.0.101:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Configuring BBS Before configuring BBS 1000+ as an L3 switch, the following concepts, as
1000+ as an L3 switch related to the BBS 1000+ system, are explained below.
1 PON Authentication Method
2 Configuring Layer 3 Interface Parameters on page 125
Configuring Secondary IP address on page 126
Configuring Routed Port Interface on page 128
Configuring Switch Virtual Interface (SVI) on page 129
Configuring a Super SVI on page 132
3 Configuring ARPon page 148
PON Authentication The BBS 1000+ system can be configured using either of the following two
Method authentication methods:
Local authentication -- enabled by default
Remote authentication through the RADIUS (Remote Authentication Dial-In
User Service) server (IEEE 802.1x).
In this section Local Authentication (the default) is described.
For remote authentication configuration details, refer to chapter Configuring

Remote Authentication on page 241.
Configuring BBS 1000+ Application Description

as an L3 Switch In the following example, two PCs are connected to BBS 1000+ via separate
ONUs. These two ONUs are members of different VLANs. BBS 1000+ is
configured as an L3 switch and is connected via its uplink port to the Cisco 3750
switch. The PCs connected to the ONUs receive their IP addresses statically.
To simplify the following example the PC addresses are assigned statically.

However, in a typical network configuration, the PC's can also be assigned IP
addresses dynamically via DHCP or PPPoE.

Configuring BBS 1000+ as an L3 switch 61
Example Topology
Figure 13 Configuring BBS 1000+ as a L3 switch
In the topology above, ports OLT1/1 and OLT1/2 are connected to two PCs via
ONUs. The uplink is connected to the L3 Switch's g1/0/5 port via BBS 1000+'s
GE3/1 uplink port.
In this example BBS 1000+ uses lport binding, to bind ONU1's MAC address
with OLT1/1's lport 1 and ONU2's MAC address is bound to OLT1/2's lport 1.
When BBS 1000+ operates as a L3 Switch, the uplink port (GE3/1) is configured
as a Routed Interface, and the downlink ports OLT1/1 and OLT1/2 are
configured as one Super VLAN.
To ensure that the BBS 1000+'s L3 switch function is working normally, the L3
connection between the PC and the Cisco 3750 switch must be tested. In order
to test the connection, an IP address must be configured for the Cisco 3750
switch's g1/0/5 port. Then from PC1, ping the BBS 1000+'s Super SVI. Then
from the BBS 1000+ GE3/1 port, ping the Cisco 3750 switch's g1/0/5 port.
Finally from PC1 ping the Cisco 3750 g1/0/5 port.

The Cisco switch is configured as in the example network topology and is
accessible from BBS 1000+.
Configuration Tasks The general tasks involved in configuring BBS 1000+ as an L3 switch are given
1 Reconfigure the Management port's IP address.
2 Login to BBS 1000+ via the Management port.
3 Configure the ONU's lport and PON's MAC binding.
4 Activate the OLT port and enable lport binding.
6 Configure the Router Interface for GE3/1.
7 Configure the Super SVI:
Configure the Super SVI in Unique-tag Mode
Configure the Super SVI in Transparent Mode
Configure the Super SVI in Stack-tag Mode
8 Create a Router Interface on the Cisco switch.
9 Add a static route on BBS 1000+
10 Configure the IP address for the PCs
11 ARP Configuration on BBS 1000+.
12
The default login username/password combination is: admin/admin for the
system administrator and guest/guest for a read only user.
Reconfigure the Management port's IP address.

1 Login to the BBS 1000+ system as admin.
2 Enter the CONFIG Management command mode.
3 Configure the Management port's (Out-Band management) IP address.

telnet@BBS1000+(config-mgmt)#out-band interface fast-ethernet
ip address 192.168.103.227 255.255.255.0

Login to BBS 1000+ via the Management port

Before performing the following operation, refer to " Using telnet to login to BBS
1000+" on page 34.
1 Enter the following command to remotely connect to the BBS 1000+ system.
c:\> telnet 192.168.103.227
After the connection is established with BBS 1000+, the following prompt will be
displayed on the screen.
Username:
Pasword:
If this system prompt is not displayed, check the network connection.
2 Enter the user name and password:

Login: admin
Password:*****
telnet@BBS1000+>
Configure the ONU's lport and PON's MAC binding.

There are 64 lports in each OLT downlink port (OLT1/1-4, OLT2/1-4), ONUs
network requirements.

mode.
In the following command "onu 1" is the same as OLT 1/1's lport 1. To assign
the ONU lport 5, the command would be "onu 5".
The ONU's MAC address can be found on a label on the ONU's bottom
cover.
00:07:ba:34:af:36
5 Return to the CONFIG Terminal command mode by entering the exit command
twice.
6 Bind ONU2's MAC address with lport1 of OLT1/2.


00:07:ba:35:a2:e0
7 Return to the CONFIG Terminal mode by entering the exit command twice.
Activate the OLT port and enable lport binding.

1 Enter the following command to enter port OLT1/1's configuration mode.
to activate the OLT port.
After the OLT port is activated, the connected ONU will be registered
automatically and the lport will be bound to the ONU's MAC address.

4 Enter OLT1/2's port configuration command mode.

5 Activate OLT1/2 port. (The connected ONU is registered at the same time).


The following procedure uses OLT1/1 port and ONU1 as an example. This
procedure should be performed on OLT1/2 and ONU2 also.
1 Check the ONU's registration status on the OLT.
OLT state admin phy mac Num of transceiver Hardware Firmware
id state state addr onu type version version
---------------------------------------------------------------------------------------------------------
1/1 Running Enabled present 00:e0:8e:88:00:01 1 SFP -FIBERXON INC. 0x50010003 0x20009
2 Check ONU1's registration information.

telnet@BBS1000+(config-t)# show interface epon-olt 1/1 onu
summary
-------------------------------------------------------------
Name = ONU-1
authorized
ONU vlan id = 1
ONU mac address = 00:07:ba:34:bd:b1
User ID = onu_2
RTT TQ = 4
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
Configure the Router Interface for GE3/1.

1 On the BBS 1000+ configure port GE3/1 as a Router Interface. Set its IP
address to 40.0.0.10.

2 Enter port GE3/1's configuration command mode.

telnet@BBS1000+(config-t)# interface giga-ethernet 3/1
telnet@BBS1000+(config-t-if-ge-3/1)#
3 Configure GE3/1 as a router port.

telnet@BBS1000+(config-t-if-ge-3/1)# no switchport
4 Set GE3/1's IP Address.

telnet@BBS1000+(config-t-if-ge-3/1)# ip address 40.0.0.10
255.255.255.0
5 Enable the GE3/1 port.

telnet@BBS1000+(config-t-if-ge-3/1)# no shutdown
6 Check the router interface information.

telnet@BBS1000+(config-t-if-ge-3/1)# show interface
giga-ethernet 3/1
GigaEthernet3/1 is up, line protocol is up

Internet address is 40.0.0.10/255.255.255.0
MTU 1500 bytes
L3 in Switched: Octets: 1053028 bytes ucast: 16445 pkt
mcast: 1 pkt bcast: 2 pkt
L3 out Switched: Octets: 768016 bytes ucast: 2752 pkt
mcast: 3625 pkt bcast: 4155 pkt

telnet@BBS1000+(config-t-if-ge-3/1)# exit
Configure the Super SVI in Unique-tag Mode

1 Create a VLAN and assign GE ports (GE1/1 and GE1/2) as tagged members of
the VLAN.
telnet@BBS1000+(config-t-vlan-1000)# member ge1/1-2 tagged
In this example, ge1/1-2 should be tagged member of VLAN 1000, ge1/1 and
ge1/2 are pre-configured as tagged member of VLAN 101 and VLAN 165
respectively.

2 Create two IP addresses on a VLAN interface.

telnet@BBS1000+(config-t)# interface vlan 1000
telnet@BBS1000+(config-t-if-vlan-1000)# ip add 50.0.0.10

255.255.255.0

255.255.255.0 secondary
Use secondary keyword to define a secondary IP address on the VLAN

interface.
3 Configure the VLAN interface as a Super-SVI type.
telnet@BBS1000+(config-t-if-vlan-1000)# super-svi
4 Add SVI member interfaces (VLAN 101 and 165) to the Super SVI.
telnet@BBS1000+(config-t-if-vlan-1000)# member 101,165
telnet@BBS1000+(config-t-if-vlan-1000)# no shutdown
telnet@BBS1000+(config-t-if-vlan-1000)# exit
5 Verify the configuration.

telnet@BBS1000+(config-t)# show interface super-vlan
Super Vlan id: 1000
Member: 101,165
Configure the Super SVI in Transparent Mode

1 Create VLAN 101 and assign GE1/1 as untagged member of the VLAN.

the VLAN.
GE1/1 and GE1/2 can be tagged or untagged members of VLAN 1000.


255.255.255.0

255.255.255.0 secondary

interface.

Super Vlan id: 1000

Member: 101,165
Configure the Super SVI in Stack-tag Mode

GE1/1 should be untagged member of VLAN 101.
GE1/2 should be untagged member of VLAN 165.
the VLAN.
GE1/1 and GE1/2 can be tagged or untagged members of VLAN 500.


255.255.255.0

255.255.255.0 secondary

interface.


Super Vlan id: 1000
Member: 101,165
8 Configure ONU-VLAN of the ONU1 connected to the OLT1/1 and the ONU2
connected to the OLT1/2.
telnet@BBS1000+(config-t-if-olt-1/2)#exit
Create a Router Interface on the Cisco switch.

1 Login to the Cisco 3750 switch and enter the CONFIG Terminal command
mode.
Depending on the actual equipment, the configuration procedure may differ
from the following. Refer to the manufacture's documentation for detailed
instructions..
c:\> telnet 10.230.3.3750
3750>
3750>enable
Password:******
3750# configure terminal
The following message will be displayed.
Enter configuration commands, one per line. End by pressing

CTRL+Z.
3750(config)#
2 Enter the Cisco switch interface configuration command mode.

3750(config)#interface gigabitEthernet 1/0/5
3750(config-if)#
3 Configure Cisco switch port g1/0/5 as a router port.

3750(config-if)#no switchport
3750(config-if)#
4 Configure the Cisco switch g1/0/5 port's IP address and start up this port.
3750(config-if)#ip address 40.0.0.1 255.255.255.0
3750(config-if)# no shutdown
3750(config-if)#
5 Return to the Privileged EXEC configuration command mode.

3750(config-if)#exit
3750(config)#exit
3750#
6 Save the configuration in the Cisco 3570 switch's flash memory.

3750# write
Building configuration...
[OK]
3750#
Add a static route on BBS 1000+

telnet@BBS1000+(config-t)# ip route 0.0.0.0 0.0.0.0 40.0.0.1
Configure the IP address for the PCs

1 Set PC1's IP address to 50.0.0.100 and the Gateway address to 50.0.0.10.

Figure 14 PC1 IP Address Configuration
2 Set PC2's IP address to 60.0.0.100 and the Gateway to 60.0.0.10.

ARP Configuration on BBS 1000+.
There are two methods for configuring ARP.
Using host-route command:
1 To add the PCs' host routes into the host-route table.
telnet@BBS1000+(config-t)# host-route 50.0.0.100 interface
vlan 1000 sub-vlan 101 member ge1/1

2 Verify the host-route configuration.

telnet@BBS1000+(config-t)# show host-route
Codes: H - static host-route configuration, A - static ARP

configuration

Address Hardware Addr Type Interface

------------------+-----------------+----------+-----------
40.0.0.1 00:13:1a:d1:03:48 dynamic ge3/1
50.0.0.100 00:0d:56:f6:3b:8c static(H) Vlan101
60.0.0.100 00:0d:56:fb:e1:f3 static(H) Vlan165
Using arp command:

1 Configure ARP table for the PCS.
telnet@BBS1000+(config-t)# arp 50.0.0.100 00:0B:DB:0A:3F:78
interface vlan 1000 sub-vlan 101 member ge1/1
telnet@BBS1000+(config-t)# arp 60.0.0.100 00:d0:05:7c:fc:0a

2 Verify the ARP configuration.

telnet@BBS1000+(config-t)# show arp

Expire(secs)
------------------+-----------------+--------+----------+----
40.0.0.1 00:13:1a:d1:03:48 dynamic ge3/1 319
50.0.0.100 00:0d:56:f6:3b:8c dynamic Vlan101 329
60.0.0.100 00:0d:56:fb:e1:f3 dynamic Vlan165 359
Perform an L3 connection test.
1 In the following example, PC1 is used to test the L3 connection, by sending a

ping command from PC1 to the BBS 1000+ Super SVI.
PC1:
c:\> ping 50.0.0.10

Reply from 50.0.0.10: bytes=32 time=2ms TTL=30
2 In the following example, PC2 is used to test the L3 connection, by sending a

ping command from PC2 to the BBS 1000+ Super SVI secondary IP address.
PC2:
c:\> ping 60.0.0.10



3 From BBS 1000+, use the ping command to test the connection between BBS
1000+'s Router Interface and Cisco 3750.
telnet@BBS1000+(config-t)# ping 40.0.0.1
Sending 5, 100-byte ICMP Echos to 40.0.0.1, timeout is 2

seconds:
!!!!!
Success rate is 100 percent (5/5)
4 In the following example, PC1 is used to ping test the connection between PC1
and the Cisco 3750 switch, but first a new routing item must be added to the
Cisco switch's routing table.
3750(config)#ip route 50.0.0.0 255.255.255.0 40.0.0.10
3750(config)#do show ip route
241(config)# do show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF
inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E
- EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 -
IS-IS level-2
ia - IS-IS inter area, * - candidate default, U -
per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
S 1.0.0.0/8 [15/0] via 61.241.11.1

50.0.0.0/24 is subnetted, 1 subnets
S 50.0.0.0 [1/0] via 40.0.0.10
S 2.1.1.0 [1/0] via 1.1.1.2
C 19.1.1.0 is directly connected, GigabitEthernet1/0/19
S 100.0.0.0/8 [1/0] via 192.168.103.86
C 71.0.0.0/8 is directly connected, Vlan1
C 64.1.11.0 is directly connected, Loopback6

BBS 1000+ Working in QinQ Mode 75

S 112.1.1.0 [1/0] via 111.1.1.2
C 37.1.1.0 is directly connected, Vlan4
O IA 111.1.0.0 [110/2] via 10.230.3.219, 01:35:09,
GigabitEthernet1/0/1
O IA 111.1.128.0 [110/7] via 10.230.3.219, 01:35:09,
S 211.9.2.0/24 [65/0] via 10.230.3.254
S 88.0.0.0/8 [1/0] via 192.168.103.86
S 192.168.103.0/24 [1/0] via 10.230.3.254
C 61.241.11.0 is directly connected,
S 61.207.24.0 [1/0] via 61.241.11.1
S 61.219.16.0 [1/0] via 61.241.11.1
241(config)#
From PC1
c:> ping 40.0.0.1

... ...
BBS 1000+ Working in This section describes when BBS 1000+ works as an L2 switch and how to
QinQ Mode configure that BBS 1000+ works in QinQ mode as required in application.
Application Description The packets from the customer connected to the BBS 1000+ are tagged. BBS
1000+ creates a channel for transmiting the packets from the customer, adding
its ISP service VLAN to the packets. And the double tagged packets are
processed by the upstream network side of BBS 1000+.

Example Topology
Figure 15 QinQ Application Example Topology
OLT1/1 of BBS 1000+ is connected to the customer access side through ONU1,
and the uplink GE3/1 is connected to the network side. VLAN 20 is the service
VLAN of the customer and VLAN 10 is the ISP service VLAN on BBS 1000+.
Suppose ONU1 is registered successfully.
The equipment on the upstream network side can process the double-tagged
data.
Configuration Tasks
1 Verify that BBS 1000+ is running in QinQ mode

2 Create ISP Service VLAN 10
3 Configure the Onu-vlan of the ONU connected to OLT1/1.
Verify that BBS 1000+ is running in QinQ mode

If BBS 1000+'s working mode is not QinQ, change it to QinQ. Refer to "Updating
the Running Mode" on page 46 for details.
telnet@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt onu vlan

BBS 1000+ Working in QinQ Mode 77
OLT LPort vlan-mode VID TPID

broadcast_mac_add
----------------------------------------------------------
1/1 1 stack-tag QinQ 20 8100 N
Create ISP Service VLAN 10

telnet@BBS1000+(config-t-vlan-10)# member ge1/1,ge3/1 tagged
telnet@BBS1000+(config-t-vlan-10)#exit
telnet@BBS1000+(config-t)# show vlan 10
VLAN 10:
Name :
Tagged port(s) or group(s) :ge1/1,ge3/1
Untagged port(s) or group(s) :
Configure the Onu-vlan of the ONU connected to OLT1/1.

Result Analysis:
The packets with service VLAN tag(20) are sent from the downstream
customer access side. When passing through BBS 1000+, they are added
with ISP service VLAN tag (10). On the upstream network side, the packets
with double tags are received.
The packets with double tags are sent from the upstream network side.
When passing through BBS 1000+, ISP service VLAN tag (10) is removed.
On the downstream ISP access side, the packets with customer service
VLAN tag (20) are received.

IN-BAND AND OUT-BAND SETTING
4
In-band and Out-band In-Band management provides the administrator remote management access to
Introduction BBS 1000+ through an ISP network. Management traffic must be separate from
other service traffic. This can be achieved via VLAN implementation, by
configuring a management VLAN that is separate from other service VLANs.
BBS 1000+ can use any of the uplink ports (GE 3/1-4) for remote in-band
management. The port used is then assigned to a particular VLAN, according to
prior network planning.
Out-Band management is performed locally through the BBS 1000+'s Fast

Ethernet (Management) port . This port can be put in DMZ (Demilitarized Zone)
within an ISP network. The Management port is shown on Figure 16.
Figure 16 FE Port for Out Band Management(DC)
In-Band Management Configuration

To provide remote access to the BBS 1000+ uplink port for In-Band
management, the uplink port must to be configured as a L3 interface. This
interface can either be an SVI or a Router Interface (RI).
Uplink port SVI or RI configuration are described in the Configuring Switch

Virtual Interface (SVI) and Configuring Routed Port Interface on page 128.
BBS 1000+ can be managed from downlink ports via ONU. This feature can be
configured under Management Configuration mode. It is disabled by default.
Example1: Display BBS 1000+'s system information to check the configuration

of management from ONU.
telnet@BBS1000+(config-mgmt)# show system
description :[ePON]
sysName :BBS1000+
Tel:1(510)864-8800
Contact :John Smith

80 Chapter 4: In-band and Out-band Setting
Inband TTL :128
Outband TTL :128
CPU type : MPC8250
telnet@BBS1000+#
Example2: Enable manage from onu.
telnet@BBS1000+(config-mgmt)# in-band manage-from-onu enable
Example3: Disable manage from onu.
telnet@BBS1000+(config-mgmt)# in-band manage-from-onu disable
Out-Band Management Configuration

For Out-Band Management configuration, refer to "Reconfigure the
Management port IP address " on page 54.
TTL for Management

TTL is Time to Live. There is a TTL default value for in-band and out-band
management session. The TTL value can be reconfigured.
Enter the following CLI commands to set TTL vaules:

In-band Management: In-band ttl <1-255>
Out-band Management: Out-band ttl <1-255>

In-Band Configuration example-- SVI 81
In-Band Configuration In the following example, the In-Band management port is configured as an SVI.
example-- SVI
Example Topology
Figure 17 In-Band Configuration Topology
The management PC must be able to connect with the Cisco L3 switch.
Configuration Tasks The general tasks involved in configuring the In-Band management port using
SVI are given below. After this overview, detailed steps are described for each
task, using the topology example in Figure 17.
1 Configure the BBS 1000+ GE3/1 uplink port as SVI
2 Configure SVI on the Cisco switch.
3 Add a static IP route on BBS 1000+
4 Configure the gateway for the PC
5 Login to BBS 1000+ via telnet.
Configure the BBS 1000+ GE3/1 uplink port as SVI

1 Enter the Configure Terminal command mode.
telnet@BBS1000+#
2 Create a management VLAN according to the network plan. In this example,

VLAN 400 is used.
The management port must be configured as a tagged member of the
management VLAN..

3 Add port GE3/1 as an tagged member of VLAN 400.

telnet@BBS1000+(config-t-vlan-400)# member ge3/1 tagged
4 Verify that the VLAN information is correct.

VLAN 400:
Name :
port(s) or group(s) :ge3/1
5 Configure the SVI's IP address (In this example 40.0.0.10/24 is used).

telnet@BBS1000+(config-t-if-vlan-400)#
telnet@BBS1000+(config-t-if-vlan-400)# ip address 40.0.0.10

255.255.255.0
6 Enable the SVI.

7 Verify that the SVI configuration is successful.

telnet@BBS1000+(config-t)# show interface vlan 400
Vlan400 is up, line protocol is up

MTU 1500 bytes
L3 in Switched: Octets: 0 bytes, ucast: 0 pkt, mcast: 0 pkt,
bcast: 0 pkt
L3 out Switched: Octets: 0 bytes, ucast: 0 pkt, mcast: 0 pkt,
bcast: 0 pkt
Verify Out-band default gateway

When a host or server is connected to BBS 1000+ via an in-band management
interface, then the out-band gateway should not be configured on BBS 1000+.
If one is configured, then it should be disabled by setting its IP address as
0.0.0.0."
telnet@BBS1000+(config-t)# show boot attributes
System boot attributes:

ip address : 192.168.103.202
ip mask : 255.255.255.0
host ip address : 192.168.103.15
next hop : 0.0.0.0
ftp user name : gepon
ftp user password : 123456
boot file name : 2.31.0.10.stz
boot device : flash
The next hop line specifies out-band management default gateway, which is
0.0.0.0.
If the next hop field is any other value except 0.0.0.0, there are two methods to
reconfigure the out-band gateway.
Enter Vxworks mode
Using [no] ip route command
Enter Vxworks mode
1 Enter VxWorks mode to reconfigure gateway.

BBS1000+# debug
BBS1000+(debug)# bcm
BCM.0> reboot
...
DS1921 init successful ( Bus Clock 66 MHz),RTC is OK
I2C clock rate 400 KHz
BBS1000+A BOOTROM version: 01.03.01.000
Press any key to stop auto-boot...
1
[VxWorks Boot]: c
'.' = clear field; '-' = go to previous field; ^D = quit
boot device : flash0
processor number : 0
host name : host
file name : BBS1000plus.stz
inet on ethernet (e) : 192.168.103.251:ffffff00
inet on backplane (b): 255.255.255.0
host inet (h) : 192.168.103.5
gateway inet (g) : 192.168.103.254 .
user (u) : epon
ftp password (pw) (blank = use rsh): epon
flags (f) : 0x0
target name (tn) : aaa.st
startup script (s) :
other (o) : motfcc
2 Verify the configuration on gateway.

BBS1000+# show boot attributes

ip address : 192.168.103.251
ip mask : 255.255.255.0
next hop : 0.0.0.0
ftp user name : epon
ftp user password : epon
boot file name : BBS1000plus.stz

boot device : flash
Using [no] ip route command
1 Enter Management Configure command mode.

2 Display the system boot attribute to check the gateway information.

telnet@BBS1000+(config-mgmt)# show boot attributes

ip address : 192.168.103.251
ip mask : 255.255.255.0
next hop : 192.168.103.254
boot device : flash
3 Enter no ip route command to delete the out-band management gateway.

telnet@BBS1000+(config-mgmt)# no ip route 0.0.0.0 0.0.0.0
192.168.103.254
4 Verify the configuration on gateway.

BBS1000+# show boot attributes

ip address : 192.168.103.251
ip mask : 255.255.255.0
next hop : 0.0.0.0
boot device : flash
Configure SVI on the Cisco switch.

1 Login to the Cisco 3750 switch and enter the CONFIG Terminal command
mode.
Depending on the actual equipment, the configuration procedure may differ
from the following. Refer to the manufacture's documentation for detailed
instructions.
c:\> telnet 192.168.103.219
3750>
3750>enable

Password:******
3750#configure terminal
The following message will be displayed.
Enter configuration commands, one per line. End by pressing

CTRL+Z.
3750(config)#
2 Enter the Cisco switch interface configuration mode.

3750(config-if)#
3 Configure port g1/0/5 as trunk mode with dot1q encapsulation.

3750(config-if)#switchport trunk encapsulation dot1q
3750(config-if)#switchport mode trunk
4 Configure native VLAN 400 for the g/1/0/5 port.

3750(config-if)#switchport trunk native vlan 400
5 Create and activate an SVI.

3750(config-if)#interface vlan 400
3750(config-if)#no shutdown
3750(config-if)#
Add a static IP route on BBS 1000+

Configure the gateway for the PC

1 Set the Gateway address to 192.168.103.219.

Figure 18 PC Gateway Configuration
Login to BBS 1000+ via telnet.

1 Perform a connection test from the PC to BBS 1000+.
c:\> ping 40.0.0.10

2 From the PC login to BBS 1000+ using telnet.

c:\> telnet 40.0.0.10
3 From the login prompt, enter the user name and password.
Username: Admin
Password: *****

Initial SNMP Configuration 87
Initial SNMP The GEPON NMS communicates with NEs via the Simple Network
Configuration Management Protocol (SNMP) for supporting various management functions.
Each managed NE is configured with an SNMP Agent, which supports SNMP
Version 2c (SNMPv2c).Each NE SNMP agent maintains a persistent
Management Information Base (MIB), a database containing node level
inventory, fault and performance management information. The NE SNMP
Agent also controls the flow of management information between the
management server and the node.
Application Description
In this example Netman 4000 is the SNMP server used to manage BBS 1000+.
Using in-band management and the management VLAN is 400.
Example topology
Figure 19 SNMP Configuring Topology
BBS 1000+'s Uplink GE port GE3/1connects with the SNMP Server-Netman

4000 via the L3 Switch. The uplink port GE3/1 is configured as a SVI. Here the
SNMP Server is configured as a trap receiver.
Netman 4000 OMC-D has been installed on the SNMP Server.
The L3 Switch Cisco 3750 interfaces connected to SNMP server and BBS
1000+ have been configured.
Configuration Tasks The general tasks involved in configuring SNMP on the BBS 1000+ system are
given below. After this task overview, detailed steps are described for each task,
using the topology example in Figure 19.
1 Configure the BBS 1000+ GE3/1 uplink port as an SVI
2 Add BBS 1000+ Node on Netman 4000 OMC-D.

The default system administrator's account and password are: admin and
admin.
Configure the BBS 1000+ GE3/1 uplink port as an SVI

telnet@BBS1000+#
2 Create a management VLAN according to the network plan. In this example,

VLAN 400 is used.
The management port must be configured as a tagged member of the
management VLAN..
3 Add port GE3/1 as a tagged member of VLAN 400.

4 Verify that the VLAN information is correct.

VLAN 400:
Name :
5 Configure the SVI's IP address (In this example 10.0.0.10/24 is used).


255.255.255.0
6 Enable the SVI.


7 Verify that the SVI configuration is successful.


MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
8 Perform a connection test from the BBS 1000+ to the SNMP Server.
Sending 5, 100-byte ICMP Echos to 192.168.103.100, timeout is

2 seconds:
!!!!!
SNMP Configuration on BBS 1000+.

1 Enter the Configure Management command mode.
telnet@BBS1000+(config-t)#exit
telnet@BBS1000+#
2 Activate the SNMP service on BBS 1000+.

telnet@BBS1000+(config-mgmt)# snmp-server enable
3 Configure the SNMP community for BBS 1000+.

BBS 1000+ supports two communities, one is a read-only community and by the
default it is "public". The other is a read-write community and by default it is
"private." The community can be specified as any string up to 31 characters
long. Ensure that the community configuration between the BBS 1000+ and the
server match. The following commands can be used to configure the community
strings, these commands will overwrite the default community.
telnet@BBS1000+(config-mgmt)#snmp-server community "mypublic"
ro
telnet@BBS1000+(config-mgmt)#snmp-server community
"myprivate" rw
4 Configure trap receiver.

telnet@BBS1000+(config-mgmt)# snmp-server host
192.168.103.100 enable

User can configure trap receiver on SNMP Server, too. Details please refer to
Netman 4000 OMC-D Operation Guide.
5 Verify the SNMP configuration on BBS 1000+
telnet@BBS1000+(config-mgmt)# show snmp-server
sysName : BBS1000+
Location: 1275 Harbor Bay Parkway, Alameda, CA 94502,
Tel:1(510)864-8800
Contact : John Smith
upTime :[0 days 00h:05m:39s]
SNMP is Enabled.
SNMP read-only access community string: mypublic
SNMP read-write access community string: myprivate
SNMP Trap host ip : 192.168.103.100
SNMP Trap commuinity: mypublic
SNMP Trap status : enable
SNMP Trap port : 162
6 Remove out-band management gateway.

When SNMP server is in-band connected, out-of-band default gateway should
not be configured . The details operation refer to Verify Out-band default
gateway on page 82.
Add BBS 1000+ Node on Netman 4000 OMC-D.
1 Logon to Netman 4000 OMC-D.
2 From Netman 4000 OMC-D TopoUI Client, click "Retrieve Edit Lock" icon.
Figure 20 Netman 4000 OMC-D TopoUI Client window
3 Right click the right blank area and select "create NE" on the shortcut menu.

Figure 21 Create NE window
4 Input IP address as 10.0.0.10. This is the IP address for the interface of the BBS
1000+'s uplink GE port GE3/1.
5 Select BBS 1000+ from NE Type drop list.
6 Input getcommunity as "mypublic" and writeCommunity as "myprivate".
7 Click <Add>.
8 From Netman 4000 OMC-D TopoUI Client, click "Release Edit Lock" icon.

BASIC CONFIGURATION
5
GEPON BBS1000+ switch provides with various configurable features. You can
configure BBS1000+ according to the specific network requirements.
This chapter describes how to configure basic, non-protocol features including:

Configuring Basic System Information
Configuring Layer 2 Ports
Introduction to BBS 1000+ GE ports
Configuring Layer 2 Link Aggregation
Configuring Interface Range
Configuring Layer 3 Interface Parameters
Configuring Routed Port Interface
Configuring Switch Virtual Interface (SVI)
Configuring a Super SVI
Creating Layer 3 Link Aggregation Interfaces
Configuring MAC Address Table
Configuring ARP
Configuring an IP Route
Configuring Port Mirror
UTStarcom's GEPON BBS 1000+ switches are configured at the factory with
default parameters that permit basic operation of the system.
Configuring Basic This section describes how to configure the following basic system parameters:
System Information
Contact information
System location
System name
System description
System device ID
System clock
System hostname

94 Chapter 5: Basic Configuration
All configuration commands listed in below table must be performed from the
Configure Management command mode.
Table 10 ASIC System Information Configuration Commands
Configuration Task CLI Command String Size

Enter the Configure Management command mode.
Set the contact person system contact string 255
Set system location system location string 255
Assign a system name system hostname string 31
Brief system description system description string 255
Set the system device ID system device-id string 30
Manage the system clock system clock hh:mm:ss 8
Display system information show system
If the string includes spaces, enclose it between single or double quote marks.
All strings, except system clock, can contain any combination of alphanumeric
and punctuation characters.
Configuration Examples
1 Display basic system information.

BBS1000+(config)# show system
description :[ePON]
sysName :BBS1000+
Tel:1(510)864-8800
Contact :John Smith
Device Id :UTS-0000-0000-0000
.. screen output truncated...
2 Change the BBS 1000+ system's description to "GEPON BBS 1000+ system".
BBS1000+(config-mgmt)# system description 'GEPON BBS1000+

system'
telnet@BBS1000+(config-mgmt)# show system
description :[GEPON BBS1000+ system]

sysName :BBS1000+
Tel:1(510)864-8800
Contact :John Smith
Device Id :UTS-0000-0000-0000

Configuring Layer 2 Ports 95
3 Set the BBS 1000+ host name.

telnet@BBS1000+(config-mgmt)# system hostname BBS1000+-1
telnet@BBS1000+-1(config-mgmt)#
4 Save the configuration.

telnet@BBS1000+-1(config-mgmt)# save
success
telnet@BBS1000+-1(config-mgmt)#
Configuring Layer 2 BBS 1000+ Gigabit-Ethernet ports, Link Aggregation ports, PON ports or a
Ports range of interfaces can be configured as Layer 2 ports.
GE ports are switch ports associated with a physical GSM port
Link Aggregation ports are composed of GE ports
PON ports are OLT ports associated with a physical LTM port
Interface ranges are composed of GE ports or Link Aggregation ports
Layer 2 GE/LAG ports are used for managing the physical port and
associated layer 2 protocols and do not handle routing or bridging.
This section describes how to configure the following Layer 2 ports.

Gigabit-Ethernet port
PON port
Layer 2 Link Aggregation
Interface Range
For PON port configuration, refer to OLT Management on page 188.
Introduction to BBS
1000+ GE ports
GE Port Features Administrative Status

GE ports can be enabled or disabled by setting the port's administrative status.
By default GE port administrative status is Enabled.
Use the CLI command shutdown or no shutdown to change the port's

administrative status to Disabled (shutdown) or Enabled (no shutdown).
In certain situations the port's administrative status needs to be changed. For

example, when BBS 1000+ must communicate through the port, it must be
activated (Enabled).

Link Status of GE Port

The default link status of GE port is Down.
Depending on whether the link is an uplink or downlink, change of the link status
using the following rules:
For BBS 1000+ uplink GE port, when it has physical link, its link status is Up.
For BBS 1000+ downlink GE port, if OLT port's administrative status is Enable,
the downlink GE port's link status is Up.
PVID
PVIDPort based VLAN IDis used to label GE ports' VLAN association. If a
downstream untagged packet is received by a BBS 1000+ OLT's uplink port
(GE3/1-4), the packet will be assigned the port's PVID.
An L2 port can belong to multiple VLANs. When assigning a PVID to an L2 port,

the PVID has to be one of the L2 port's VLAN IDs. For example, if an L2 port
belongs to VLAN 100, VLAN 200 and VLAN 300, then 100, 200 or 300 can be
chosen as the L2 port's PVID.
Traffic Storm Control

BBS 1000+ provides three types of traffic storm control: broadcast, multicast
and unicast. By setting the threshold for each packets type, data storms can be
prevented. The threshold represents the percentage of the total available
bandwidth on the port. On BBS 1000+ the threshold value can be 0-10000, for a
range of 0% to 100% in 0.01% increments. When the threshold is exceeded the
packets are doffed.
Figure 22 Traffic Storm Control

Introduction to BBS 1000+ GE ports 97
The maximum packet rate on BBS 1000+ is 262143pps. As shown in Figure 22,
the Broadcast storm control threshold is 10%. When the broadcast traffic rate
reaches 10% of the maximum port rate (262143pps) or 26214pps, the system
will drop the additional broadcast packets. Once the rate drops below the
configured threshold value, the packets will again be forwarded.
When the threshold is set to 0 for a particular data type, all of that type of traffic
will be dropped.
On BBS 1000+ STP packets are treated the same as Multicast packets,
therefore when the Multicast Storm Control parameter is zero(0), all STP
packets will also be dropped.
The following warning message is display each time the Storm control
configuration is changed.
Warning: Arbitrary dropping of certain types of broadcast

frames can result in network instability that in some cases
interrupt network operation.
Issue the CLI show configuration running command to display the traffic
storm control configuration.
By default, port storm control is disabled.
Auto Negotiation
The uplink GE ports on BBS 1000+ have the Auto Negotiation function. When
auto negotiation is enabled on the ports at both ends, the working mode (half or
full duplex) and rate (10Mbps, 100Mbps or 1000Mbps) is automatically set to the
highest level provided on both ports.
In order for auto negotiation to function properly, the far-end equipment should
also have this function. Auto negotiation is enabled by default.
The default uplink GE port working mode and rate is full-duplex at 1000Mbps.
The GE port can only operate at 1000Mbps when operating in full-duplex. When
the rate is set to 100Mbps or 10Mbps, after enabling auto negotiation function,
the two ports will only need to decide the working mode between half-duplex
and full-duplex.
Flow Control
BBS 1000+ provides flow control in both the receive and transmit directions. In
order for flow control to function properly, the far-end equipment should also
have this function. Flow control is enabled by default.
An example of flow control in the receiving direction is described below:

Assuming that flow control is activated on the GE port, when traffic congestion
occurs, the port will send a message to the far-end port informing it to stop
sending messages temporarily. After receiving the message, the far-end port will
stop sending packets to BBS 1000+ temporarily to avoid packet loss.
Ingress filter
If a downstream tagged packet is received by a BBS 1000+ uplink port
(GE3/1-4), it will be forwarded according to the port's configuration, as described
below:
If the uplink port's (GE3/1-4) Ingress filter function is enabled, only those
packets belonging to the uplink port's VLANs will be forwarded. Other
packets will be discarded.
If the uplink ports' (GE3/1-4) Ingress Filter function is not enabled, all packets
with VLAN IDs listed in the BBS 1000+ VLAN table will be forwarded,
regardless of whether the port is a member of the VLAN or not. Other
Ingress filter is enable by default.
Rate Limit
BBS 1000+ provides rate limiting on both upstream and downstream traffic of
the GE ports. The configurable rate range is 1-1000Mbps.
If the GE port's rate limit is set to 100Mbps and the ingress traffic rate exceeds
this limit, the excess incoming packets will be discarded. If the forwarding
method is First-In-First-Out (FIFO), then when the rate reaches 120Mbps, the
excess 20 Mbps will be discarded.
Rate limit is disabled by default.
User-isolation
When user isolation is activated, users in the same VLAN of BBS 1000+
different downlink ports are separated from each other. Users under one
downlink port are always separated, even if user isolation is activated. The
default User-isolation value is Enabled. When any two of these users want to
communicate, they must communicate through the L3 level.
When the VLAN ID is not enough for all equipments connected in the BBS
1000+ downlink ports, or for whatever reason setting the same VLAN ID for
multiple equipments, and the users in these VLAN cannot visit each other, in
those cases, users need to activate user isolation function in the downlink ports.

Introduction to BBS 1000+ GE ports 99
Figure 23 User-isolation example
In the above figure, ONU1 and ONU3 belong to VLAN100. If the PCs connected
to ONUs cannot visit each other, in this case, user needs to activate
user-isolation function in ports GE1/1 and GE1/4.
Also, in the above figure, ONU1 and ONU3 belong to VLAN100, If the PCs
connected to ONU1 and ONU3 can visit each other, in this case, user needs to
shut down user-isolation function in port GE1/1 port and GE1/4 port.
PCs connected to ONU1 and ONU2 can't visit each other for they are connected
to the same OLT1/1 port even if ONU2 belongs to VLAN100. If the
communication is needed between the above PCs, the above two ONU's
p2p-access work mode must be enable. For the details, refer to ONU p2p
Configuring on page 207.
GE ports Configuration
Tasks
Table 11 Typical GE port configuration commands
Configuration Task CLI Command Default Value

Enter the GE port(i.e. GE1/2) configuration command mode
BBS1000+(config)# configure terminal
BBS1000+(config-t)# interface giga-ethernet 1/2
BBS1000+(config-t-if-ge-1/2)#
Put the port into layer 2 mode switchport switchport

Table 11 Typical GE port configuration commands (continued)
Configuration Task CLI Command Default Value

Assign a PVID to the port pvid vid 1
Activate/Deactivate the port (administrative status) [no] shutdown enable
Configure traffic storm control storm-control {broadcast | multicast | unicast} disable
{threshold-value | disable}
Note: Threshold value range 0-10,000 equals 0
100% in 0.01% increments
Enable/disable port auto-negotiation [no] auto-negotiation enabled
Activate/Deactivate upstream or downstream flow [no] flowcontrol {receive | transmit} enabled
control
Enable/Disable ingress VLAN filtering on the [no] ingress-filter enabled
current interface
Set the maximum frame size that the current max-frame <64 - 65535> 1532
interface can receive
Set upstream or downstream rate limiting on the [no] rate-limit {input | output} <1 - 1000> disabled
current interface
Put the uplink ports into layer 3 mode no switchport N/A
Enable/Disable user isolation on the current user-isolation {disable | enable} enabled
interface
Display the layer 2 interface status show interface giga-ethernet <module/port> switchport
Display the layer 2 interface counter show interface giga-ethernet <module/port> counter
Configuring Layer 2 BBS 1000+ has 12 GE ports which operate as layer 2 interfaces. These GE
Link Aggregation ports can be managed either individually. The four uplink ports can be also
managed as a Link Aggregation Group (LAG). LAGs group are a collection of
physical ports together as if they are a single port. By trunking several links of
equal speed together to form a port bundle, we can provide higher bandwidth
and redundancy between switches or servers.
BBS 1000+ has the capacity of providing up to 32 Link Aggregation groups.

Each LAG can support up to eight GE ports as its members.
Link Aggregation Before making physical connections between devices, the trunk should be
Interface Restrictions configured on the devices at both ends. When using a port trunk, note that:
Trunk ports must all be 1000 Mbps
Ports at both ends must be configured as trunk ports
Ports at both ends of a trunk must be configured identically, including speed,
duplex mode, and VLAN assignments
Trunk port members cannot be configured as mirror source or target ports
All the ports in a trunk must be treated as a whole when added or removed
from a VLAN

Configuring Layer 2 Link Aggregation 101
All the ports in the trunk group must be in the same spanning tree state
Ports in a trunk can only belong to the same VLANs as those assigned to the
trunk.
Enable the trunk prior to connecting any cables to avoid creating a loop
Disconnect all trunk port cables or disable the trunk ports before removing a
port trunk to avoid creating a loop
Link Aggregation Layer

2 Configuration Tasks
Table 12 Typical Layer 2 LAG configuration commands

Enter Link Aggregation group (i.e. 1) configuration command mode.
BBS1000+(config-t)# interface link-aggregation 1
BBS1000+(config-t-if-lg-1)#
Create Link Aggregation Group load-balance <src-mac | dst-mac | src-dst-mac | src-ip | dst-ip | src-dst-ip>
Add Link Aggregation Group into VLAN add-to vlan {vlanID vlan-ID} {tagged | untagged}
Add Member to Link Aggregation Group member member-list
Remove Link Aggregation Group Member no member member-list
Remove Link Aggregation Group From VLAN delete-from vlan {vlanID vlan-ID}
Remove Interface from Link Aggregation Group no interface link-aggregation group-ID
Set the Link Aggregation Group PVID pvid vid
Assign Link Aggregation Group Name description group-name
Show Link Aggregation Interface Switch Port show interface linkAggregation group-ID switchport
information
Show Link Aggregation Summary show link-aggregation summary
Link Aggregation Group The normal procedure for creating a Link Aggregation group is described below:
Management Procedure
1 Create an empty group by specifying the group ID (value from 1 to 32) and the
load-sharing algorithm. Once the link aggregation group is created, its default
PVID is 1.
2 Add Link Aggregation Group members. Be sure that all the members only
belong to the default VLAN.
3 Add the Link Aggregation Group to VLAN(s) as a normal Layer 2 interface.
Afterwards all the trunk ports become members of the VLAN(s)
4 If the LAG members are untagged, configure the Link Aggregation Group's
PVID when needed.
5 The Link Aggregation Group name can be assigned if required.

6 Display the Link Aggregation Group information.
If the ports to be assigned to the trunk are already trunk VLAN members, the
following method is recommended for creating a Link Aggregation Group:
1 Create an empty group by specifying the group ID (value from 1 to 32) and the
load-sharing algorithm.
2 Add the LAG to VLAN(s) as a normal layer 2 interface
3 Add members to the Link Aggregation Group.
If the members are untagged, configure Link Aggregation Group PVID when
needed.
4 The Link Aggregation Group name can be assigned if required
The LAG can be removed by entering following command. In this example, 2 is

the LAG ID:
telnet@BBS1000+(config-t)# no interface link-aggregation 2
Warning: This LAG has more than 2 members, deleting it could

cause potential loop.
After the execution of this command the system will perform the following
actions:
Delete this Link Aggregation from all VLANs.
The ports will continue to be members of the previous trunk VLANs.
Delete this Link Aggregation in the BBS 1000+ system.
Example of Creating an Application Description

L2 Link Aggregation As shown in the example topology in Figure 24, PC1, PC2 and PC3 are
Group connected to BBS 1000+ via separate ONUs. BBS 1000+ connects to the Cisco
Switch using Link Aggregation. A LAG is established to make sure that all PCs
can communicate with the Server via the Cicso L3 switch.

Example Topology
Figure 24 Link Aggregation Configuration Topology
In this configuration, BBS 1000+ functions as an L2 switch. An LAG (Link

Aggregation 2) is created and BBS 1000+ uplink ports GE3/3 and GE3/4 are
added as member ports . ONU1 and tagged LAG2 belong to VLAN101. ONU2
and tagged LAG2 belong to VLAN102. ONU3 and untagged LAG2 belong to
VLAN293. LAG2's PVID is set to 293
Base ID VLAN of BBS 1000+ is set to the default (101).
ONU1 is bound to lport 1 of OLT1/1, ONU2 is bound to lport 2 of OLT1/1 and
ONU3 is bound to lport 1 of OLT1/4. All ONUs can register with BBS 1000+
successfully.
The Channel-group has been pre-configured on the L3 Switch (Cisco 3750).
The link between the Cisco switch and the server is working normally.

Configuration Tasks The general tasks involved in creating a L2 Link Aggregation are given below.
After this task overview, detailed steps are described for each task, using the
topology example in Figure 24.
1 Create the Link Aggregation Group

2 Ensure that ports are members of the LAG VLANs
3 Add Port Members to the LAG
4 Configure the LAGs PVID
5 Assign an LAG Name
6 Verify the Link Aggregation configuration on BBS 1000+
Create the Link Aggregation Group

A LAG's bandwidth is the sum of its member ports' bandwidths
1 Create LAG 2.
2 Specify the load-balance algorithm for use on LAG 2. In this example, the
Source IP algorithm is used.
The six load-balancing algorithms are: Source MAC; Destination MAC;,
Source and Destination MAC; Source IP; Destination IP; Source and
Destination IP
BBS1000+(config-t-if-lg-2)# load-balance src-ip
NOTE: Link Aggregation Group 2 is created and added into the

default VLAN (1) with a PVID of 1.
3 Display VLAN 1 information.

BBS1000+(config-t-if-lg-2)# show vlan 1
VID Name Ports Tag ports
-----+-------+------------------------------+----------------
1 Default VLAN
ge1/1-4,ge2/1-4,ge3/3-4,lg1*[ge3/1-2],lg2*[]
Refer to Link Aggregation Group Load-sharing Algorithm on page 113 for

Load-balancing details.
4 Display the LAG interface information.
telnet@BBS 1000+(config-t-if-lg-2)# show interface
link-aggregation 2 switchport
Link Aggregation Group: 2

Member list:
Load balance method: src-ip
Maximum receive frame: 1532
Ingress vlan filter: Disabled
Flow Control receive: Enabled
Flow Control transmit: Enabled
PVID: 1

Add the LAG to the VLANs

Add LAG 2 as a tagged member of VLAN 101 and VLAN 102.
When specifying a range of VLANs, the values must be in ascending order.

(Example: 101-102)
1 Add LAG 2 as a tagged member of VLAN 101and VLAN 102.

BBS 1000+(config-t-if-lg-2)# add-to vlan 101-102 tagged
Add to VLAN 101 as TAGGED success.
BBS 1000+(config-t-if-lg-2)# exit
BBS 1000+(config-t)#
Ensure that ports are members of the LAG VLANs

Before adding ports to the LAG, verify that they are members of the trunk VLAN.

VLAN 101:
Name :PON 1
port(s) or group(s) :ge1/1,lg2*[]
Tagged port(s) or group(s) :ge1/1,lg2*[]
2 Add uplink ports GE3/3-4 as tagged members of VLAN101.

BBS 1000+(config-t)# vlan 101
telnet@BBS 1000+(config-t-vlan-101)# member ge3/3-4 tagged
VLAN 101:
Name :PON 1
port(s) or group(s) :ge1/1,ge3/3-4,lg2*[]
Tagged port(s) or group(s) :ge1/1,ge3/3-4,lg2*[]
3 Configure VLAN 102 in the same way as VLAN 101.


VLAN 102:
Name :PON 2
port(s) or group(s) :ge1/1,lg2*[]
Tagged port(s) or group(s) :ge1/1,lg2*[]
VLAN 102:
Name :PON 2
Add Port Members to the LAG

Before the LAG can carry traffic, the network administrator should add ports to
the LAG.
The following criteria should be observed when adding ports to an LAG:

Ports to be added to an LAG must be members of all VLAN that the LAG is a
member of and no others. For example, if LAG 2 belongs to VLAN A, B, and
C only, then to add GE3/1 to LAG 2, it must be a member of VLAN A, B, and
C and no others.
Each member port uses the same PVID as assigned to the LAG.
Ports to be added to an LAG must have the same administrative status. All
port's administrative status must be enabled or disabled.
Ports can only belong to one LAG. If the network administrator tried to assign
GE3/1 to LAG 1 when it was already a member of LAG 2, the action would
fail.
All ports of the same LAG must be configured identically, including bandwidth
(1 Gbps), duplex mode, and VLAN assignments.
After a port becomes a member of an LAG, it cannot be accessed individually
by most CLI commands. For example, the port cannot be added or removed
from a VLAN, like an independent (non-LAG) GE port can.
Single port attributes, such as bandwidth, VLAN attributes, Administrative
Status and Duplex mode, cannot be configured individually when the port
belongs to an LAG.
When adding a new port to an LAG, the port should have the same attributes
as any existing LAG port members.

Independent VLAN learning deals with the layer 2 interface only. So, displaying
the MAC address table only shows the MACs learnt for specific LAGs, not the
port member of the trunk group.
1 Add ports GE3/3 and GE3/4 as members of LAG 2.

telnet@BBS1000+(config-t)# interface link-aggregation 2
telnet@BBS1000+(config-t-if-lg-2)# member ge3/3-4
All static MAC addresses and ACL rules associated with interface ge3/3-4
are cleared by this command.
telnet@BBS1000+(config-t-if-lg-2)# show vlan 101
VLAN 101:
Name :PON 1
port(s) or group(s) :ge1/1,lg2*[ge3/3-4]
Tagged port(s) or group(s) :ge1/1,lg2*[ge3/3-4]
3 Display LAG 2's L2 switch port information.

telnet@BBS1000+(config-t-if-lg-2)# show interface

Member list: ge3/3-4
PVID: 1
4 Display the LAG summary.

telnet@BBS1000+(config-t-if-lg-2)# show link-aggregation
summary
Group Name Ports Load balance

--------+--------------+-----------------------+-------------
2 " "ge3/3-4 src-ip
Configure the LAGs PVID

1 Add LAG 2 as an untagged member of VLAN 293.
BBS1000+(config-t-if-lg-2)# add-to vlan 293 untagged
Add to VLAN 293 as UNTAGGED success.


VLAN 293:
Name :PON 97
port(s) or group(s) :ge1/4,lg2*[ge3/3-4]
Untagged port(s) or group(s) :lg2*[ge3/3-4]
3 Configure LAG 2's PVID.

BBS1000+(config-t-if-lg-2)# pvid 293
BBS1000+(config-t-if-lg-2)# show interface link-aggregation 2

switchport

PVID: 293
Assign an LAG Name

Use the following command to assign the LAG name. Any string up to 16
characters can be assigned. For formatting purposes, only the first eight
characters are displayed when issuing the "show vlan" command.
BBS1000+(config-t-if-lg-2)# description lag2

summary

--------+--------------+-----------------------+-------------
2 "lag2 "ge3/3-4 src-ip
Verify the Link Aggregation configuration on BBS 1000+

From PC1 and PC3 Ping the server to verify the LAG configuration. A success
message will be returned if the configuration is correct.
Removing the LAG on In order to avoid loops, Disconnect the physical LAG connections before
BBS 1000+ removing the LAG:
Basic steps involved in removing an LAG

Remove port members from the LAG
Remove LAG assignments from the VLAN(s)
Remove the Link Aggregation Interface

Step1: Disconnect the physical LAG connections

Step2: Remove Members from the LAG
When removing GE ports from a LAG, the GE port inherits all the VLAN
attributes of the LAG. In the previous example, the LAG2 belonged to VLAN
1(Untag.),VLAN 293(Untag.), 101(Tag.), 102(Tag.), its PVID was 293 and GE
3/3 was a member of the LAG, after removing GE3/3 from the LAG2, GE 3/3 will
still a be a member of VLANs 293, 101 and 102, it is tagged in VLAN 101, 102
and untagged in VLAN 293,VLAN 1. its PVID is 1.Remove ports GE3/3 and
GE3/4 from LAG 2.
telnet@BBS1000+(config-t)# interface link 2
BBS1000+(config-t-if-lg-2)# no member ge3/3-4
4 Verify the removal.

BBS1000+(config-t-if-lg-2)# show link-aggregation summary

--------+--------------+-----------------------+-------------
2 "lag2 " src-ip

VLAN 101:
Name :PON 1

VLAN 293:
Name :PON 97
Untagged port(s) or group(s) : ge3/3-4,lg2*[]
7 Display GE 3/3 Layer 2 information.

giga-ethernet 3/3 switchport
GE: 3/3
Switchport: Enabled
Name: GE-11
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Enable
Auto Negotiation: Enabled


Link Status: Down
PVID: 1
Step3: Remove the LAG from the VLANs

1 Remove LAG 2 from VLAN101and VLAN102.
A range of VLAN IDs can be specified, but the range must be in ascending
order.
BBS1000+(config-t-if-lg-2)# delete-from vlan 101-102
Delete from VLAN 101 success.
BBS1000+(config-t-if-lg-2)# exit
BBS1000+(config-t)#
2 Re-assign the LAG PVID to the default (1).


Description: lag2
Member list: ge3/2,ge3/4
PVID: 500
telnet@BBS1000+(config-t-if-lg-2)# pvid 1
3 Remove LAG 2 from VLAN 293.

telnet@BBS1000+(config-t-if-lg-2)# delete-from vlan 293
telnet@BBS1000+(config-t-if-lg-2)#exit

VLAN 101:
Name :PON 1
port(s) or group(s) :ge1/1,ge3/3-4
Tagged port(s) or group(s) :ge1/1,ge3/3-4

VLAN 293:
Name :PON 97
Step4: Remove the Link Aggregation Interface

1 Remove LAG 2.
BBS1000+(config-t)# no interface link-aggregation 2

Verify the deleting.
BBS1000+(config-t)# show link-aggregation summary
--------+--------------+-----------------------+-------------
Delete the Link Aggregation Directly

1 Disconnect the physical LAG connections
2 Delete the LAG
Delete the LAG by entering the following command:

When this command is executed, the following operations are performed:

This LAG is removed from all VLANs
The port members inherit all VLAN membership from the previous LAG.
The LAG is removed from the BBS 1000+ system.
Practical Configuration In actual practice, the following LAG creation steps are usually followed:
Tips
1 Create VLAN(s)
2 Create a LAG
3 Add this LAG to the VLAN(s) created in the step 1.
4 Add member ports to the LAG.
The basic steps for performing these procedures are described below:
Create VLAN 101 and 102 and assign member ports to the VLANs

Create LAG 2
telnet@BBS1000+(config-t-if-lg-2)# load-balance src-ip
NOTE: Link Aggregation Group 2 is created and add into VLAN 1

and PVID is 1.
Add LAG 2 to VLAN 101 and 102

1 Add link aggregation to VLAN
telnet@BBS1000+(config-t-if-lg-2)# add-to vlan 101-102 tagged
2 Display VLAN information.

VLAN 101:
Name :
port(s) or group(s) :ge3/3,ge3/4,lg1*[]
Tagged port(s) or group(s) :ge3/3,ge3/4,lg1*[]
Add GE3/3-4 as member of LAG 2

NOTE: All the static MAC address and ACL rules associated with
interface ge3/3-4 have been cleared.
Verify the Link Aggregation 2

1 Display LAG 2 information.

PVID: 1

2 Display VLAN information.

VLAN 101:
Name :PON 1
port(s) or group(s)
:ge1/1,lg1*[ge3/1-2],lg2*[ge3/3-4]
Tagged port(s) or group(s)
:ge1/1,lg1*[ge3/1-2],lg2*[ge3/3-4]
VLAN 102:
Name :PON 2
port(s) or group(s)
:ge1/1,lg1*[ge3/1-2],lg2*[ge3/3-4]
Tagged port(s) or group(s)
:ge1/1,lg1*[ge3/1-2],lg2*[ge3/3-4]
3 Display link aggregation summary information.

summary

--------+--------------+-----------------------+-------------
1 " "ge3/1-2 src-mac
2 " "ge3/3-4 src-ip
telnet@BBS1000+(config-t-if-lg-2)#
Link Aggregation Group Introduction

Load-sharing Algorithm BBS 1000+ provides Link Aggregation Group Load-sharing based on the
following algorithms, mentioned as Rtag.
SMAC (Source MAC)
DMAC (Destination MAC)
SMAC and DMAC (SMAC XOR DMAC)
SIP (Source IP)
DIP (Destination IP)
SIP and DIP (SIP XOR DIP)
User can configure the link aggregation group Rtag while the group is first
created and empty only.
In most situations, a layer 2 link aggregation group should be tagged members

of all VLANs it belongs to, although this is not mandatory.

When referring to individual links within a LAG, the following notation is used.
The first active link inside the link aggregation group uses index 0; the
second uses index 1.
if the link of index M in an LAG is down or removed, the original index M+1
becomes index M link and the original M+2 becomes index M+1 link...
The following examples are described to aid the network administrator in

choosing the correct algorithm.
Example of Using DMAC Application Description

as the Loading-sharing Host1 is connected to BBS 1000+ via an ONU, and BBS 1000+ is connected to
Rule a L2 switch over Link Aggregation 1. Link Aggregation 1 load balance the traffic
using a DMAC-based algorithm. Host2 is connected to the L2 switch. Host1 and
Host2 can communicate with each other.
Example Topology
Figure 25 Using DMAC as Loading-sharing Rule
In the following example, GE3/1-4 belongs to VLAN 1 and VLAN 200; they are
tagged in VLAN 200 and untagged in VLAN 1 and are configured as member of
lg1. Lg1 uses DMAC as its load-sharing rule. The third party switch also has the
same configuration on its trunk group and also uses DMAC as the load-sharing

criteria. Traffic between Host1 and Host2 are tagged using VID=200. Here is the
BBS 1000+ configuration.
Configure Requirements
Base_VLAN_ID of BBS 1000+ is reconfigured from 101 to 200.
ONU is bound to lport 1 of OLT1/1 and can register to BBS 1000+
successfully.
Channel-group has been configured on L2 switch.
The link between L3 Switch and Host2 can work normally.
Configuration Steps
1 Logon to BBS 1000+.
Username:admin
Password:******
BBS1000+> enable
BBS1000+#
2 Create VLAN 200.

BBS1000+# show vlan

--------+-------------------+-------------------+------------
1 Default VLAN ge1/1-4,ge2/1-4,ge3/1-4
BBS1000+# configure terminal
BBS1000+(config-t)# vlan 200 LAG-Tst
BBS1000+(config-t-vlan-200)# member ge1/1 tagged
BBS1000+(config-t-vlan-200)# member ge3/1-4 tagged
BBS1000+(config-t-vlan-200)# show vlan 200
VLAN 200:
Name : LAG-Tst
BBS1000+(config-t-vlan-200)# exit
BBS1000+(config-t)#
3 Show Link Aggregation information.

4 Configure Link Aggregation 1.

BBS1000+(config-t-if-lg-1)# load-balance dst-mac

and PVID is 1.
5 Add Link Aggregation 1 to VLAN 200.

BBS1000+(config-t-if-lg-1)# add-to vlan 200 tagged
BBS1000+(config-t)#
6 Show VLAN information.

BBS1000+(config-t)# show vlan

--------+---------------+-----------------------------------------+------------
1 Default VLAN ge1/1-4,ge2/1-4,ge3/1-4,lg1*[] 200
LAG-Tst ge1/1,ge3/1-4,lg1*[] ge1/1,ge3/1-4,lg1*[]
BBS1000+(config-t)#
7 Add member to Link Aggregation 1.

BBS1000+(config-t-if-lg-1)# member ge3/1-4
NOTE: All the static MAC address associated with interface

ge3/1-4 have been cleared.
BS1000+(config-t-if-lg-1)# show link-aggregation summary

--------+------------------+-----------------------+---------
1 NA ge3/1-4 dst-mac

BBS1000+(config-t-if-lg-1)# show vlan

--------+---------------+---------------------------------+------------
1 Default VLAN ge1/1-4,ge2/1-4,lg1*[ ge3/1-4]
200 LAG-Tst ge1/1,lg1*[ ge3/1-4] ge1/1,lg1*[ ge3/1-4]

Result Analyze
1 One link case
BBS 1000+ learns that MAC=00:00:00:00:02/VLAN200 needs to go to LAG1
through independent VLAN learning. It has 4 members in the LAG1 but only one
link up, traffic from Host1 to Host2 goes through L0 and returns from Host2 to
Host1 through L0 too.
Figure 26 One link case, Rtag is dmac
2 Two links case

Then we connect L1 between the BBS 1000+ and the third party switch. So
there are two active links in the LAG1 between BBS 1000+ and third party
switch. The traffic from Host1 to Host2 has 2 choices to go, L0 or L1. BBS
1000+ knows that the MAC 00:00:00:00:00:02/VLAN200 needs to go out of the
switch from either one of the links of LAG1 (traffic from Host1 to Host2 cannot
be partially go L0 and partially go L1 since the sequence could not be
guaranteed in that case). Using below formula to decide which link of LAG1 will
be used when traffic go through between Hosts. The used link here is assumed
L(M).
M = Remainder of ( LSB of DMAC / Active Link's Num.)
LSB means Least Significant Byte. For Example LSB of
DMAC=00:00:00:00:00:02 is 02, LSB of IP address 34.0.0.1 is 1.
Traffic from Host1 to Host2
Here LSB of DMAC is 02, Active Link's Num. is 2.
M= Remainder of ( 2 / 2 ) = 0
So traffic from Host1 to Host2 uses L0.

Figure 27 Two links case , Rtag is dmac
3 Three links case

Then we connect L2 between BBS 1000+ and the third party switch. This time
there are 3 active links between BBS 1000+ and the third party switch.
M= Remainder of ( 2 / 3) = 2
M= Remainder of ( 1 / 3) =1
Figure 28 Three links case, Rtag is dmac
4 Reconfigured two links case

Then we break L1 and now there are two active links between BBS 1000+ and
the third party switch. Since L2 becomes the second link inside the LAG1 and
can be regarded as L1.


M= Remainder of (1 / 2) =1
Figure 29 Break L1, Two links case, Rtag is dmac
Example of Using DIP Application Description

XOR SIP as the Host1 is connected to BBS 1000+ via a ONU, and BBS 1000+ is connected to a
Loading-sharing Rule L2 switch over Link Aggregation 1. Link Aggregation 1 load-balance the traffic
using a algorithm based on DIP XOR SIP. Host2 is connected to the L2 switch.
Host1 and Host2 can communicate with each other.

Example Topology
Figure 30 Using DIP XOR SIP as Loading-share Rule
Now we reproduce the cases in section "Example of Using DMAC as the

Loading-sharing Rule" with the only difference that this example uses DIP XOR
SIP as the criteria instead of using the DMAC. Note that we noticed that for load
balancing rules using IP, the other vendor does not always behave the way we
shown in the following picture (the blue arrow). But the egress rule (the yellow
arrow) from BBS 1000+ is always true in the following picture. Network
administrator should test the third party switch performance first.
Configure Requirements
Base_VLAN_ID of BBS 1000+ is reconfigured from 101 to 200.
ONU is bound to lport 1 of OLT1/1 and can register to BBS 1000+
successfully.
Channel-group has been configured on L2 switch.
The link between L2 Switch and Host2 can work normally.
Configure Steps
1 Logon to BBS 1000+.
Username:admin
Password:******
BBS1000+> enable
BBS1000+#
2 Create VLAN 200.

BBS1000+# show vlan

--------+-------------------+-------------------+------------
BBS1000+(config-t)# vlan 200 LAG-Tst2
BBS1000+(config-t-vlan-200)# member ge3/1-4 tagged
VLAN 200:
Name : LAG-Tst
BBS1000+(config-t)#
3 Show Link Aggregation information.

4 Configure Link Aggregation 1.

BBS1000+(config-t-if-lg-1)# load-balance src-dst-ip

and PVID is 1.
5 Add Link Aggregation 1 to VLAN 200.

BBS1000+(config-t-if-lg-1)# add-to vlan 200 tagged
BBS1000+(config-t)#



--------+---------------+-----------------------------------------+------------
1 Default VLAN ge1/1-4,ge2/1-4,ge3/1-4,lg1*[]
200 LAG-Tst ge1/1,ge3/1-4,lg1*[] ge1/1,ge3/1-4,lg1*[]
BBS1000+(config-t)#
7 Add member to Link Aggregation 1.

BBS1000+(config-t-if-lg-1)# member ge3/1-4
NOTE: All the static MAC address associated with interface

ge3/1-4 have been cleared.
BS1000+(config-t-if-lg-1)# show link-aggregation summary

--------+------------------+-----------------------+------------------
1 NA ge3/1-4 src-dst-ip

BBS1000+(config-t-if-lg-1)# show vlan

--------+---------------+---------------------------------+------------
1 Default VLAN ge1/1-4,ge2/1-4,lg1*[ ge3/1-4]
200 LAG-Tst2 ge1/1,lg1*[ ge3/1-4] ge1/1,lg1*[ ge3/1-4]
Result Analyze
1 One link case, traffic all go through L0.
Figure 31 One link case, Rtag is DIP XOR SIP
There is only one link between BBS 1000+ and the third party switch. So the
traffic between host1 and host2 will go through L0 in the LAG1.
2 Two links case

Then we connect L1 between the BBS 1000+ and the third party switch. So
there are two active links in the LAG1 between BBS 1000+ and third party
switch. But for traffic from Host1 to Host2 will only use one link. Using below
formula to decide which link of LAG1 will be used when traffic go through
between Hosts. The used link here is assumed L(M).
M = Remainder of { (LSB of DIP XOR SIP) / Active Link's Num.}
Here LSB of DIP XOR SIP = 0x22000001 XOR 0x22000002=0x3.
Active Link's Num. is 2.
So traffic from Host2 to Host1 uses L1, too.
Figure 32 Two links case, Rtag is DIP XOR SIP
3 Three links case

Connect L2 between BBS 1000+ and the third party switch, there are three
active links.
Here LSB of DIP XOR SIP = 0x22000001 XOR 0x22000002=0x3.
Active Link's Num. is 3.
Traffic between Host1 and Host2 are using the same link L(M)

Figure 33 Three links case, Rtag is DIP XOR SIP
Configuring Interface The Interface Range command allows specification of a range of interfaces to
Range which subsequent commands are applied. After issuing the Interface Range
command, the system prompt will change indicating access to the Interface
Range Configuration command mode. While in this mode, CLI commands will
be applied to all of the ports within the range.
The following parameters can be configured from the Interface Range command
mode:
Set the PVID for all ports in the range
Shutdown or enable (no shutdown) all ports in the range
There are two Interface Range types, GE port and Link Aggregation. As the
name implies, the GE Interface Range can only contain GE ports, whereas the
Link Aggregation type can only contain LAGs.
Interface Range
Configuration
Commands
Table 13 Interface Range configuration commands

Enter the Interface Range (i.e. GE1/1-4) configuration command mode
BBS1000+(config-t)# interface range ge1/1-4
BBS1000+(config-t-if-range-ge1/1-4)#
Set the PVID for all interfaces in the range pvid id
(Note: All interfaces in this range must be
members of this VLAN)
Set the interfaces into layer 2 mode switchport
Set the uplink interfaces into layer 3 mode no switchport

Configuring Layer 3 Interface Parameters 125
Interface Range The following example assumes that GE3/1 and GE3/2 are already untagged
Configuration Example members of VLAN 100. This example will assign PVID 100 to a range of GE
ports (GE3/1-2).
Enter the Interface Range Configuration command mode.

BBS1000+(config-t)# interface range ge3/1-2
Set the PVID for all ports in the range

BBS1000+(config-t-if-range-ge3/1-2)# pvid 100
Verify the configuration

BBS1000+(config-t-if-range-ge3/1-2)# show interface
GE: 3/1
Name: GE-9
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Enable
Link Status: Down
PVID: 100
Configuring Layer 3 This section describes configuration of layer 3 interfaces on the GEPON BBS
Interface Parameters 1000+ switch. There are four types of layer 3 interfaces:
Routed Interface
Switch Virtual Interface
Super SVI
Layer 3 Link Aggregation Interface
Status Introduction There are two types of status conditions on BBS 1000+ L3 interfaces, the
Interface status and the Line Protocol status. Interface status indicates whether
the interface hardware is currently active or is disabled by the administrator. The
Line Protocol status indicates whether the software processes that handle the
line protocol consider the interface unusable or the interface has been disabled
by an administrator.
By default the interface status is down. When the interface is active, the
displayed interface status will be "up"
By default the line protocol status is down. It can be changed the shutdown
and no shutdown commands
An L3 interface only functions properly when both the interface status and line
protocol status are up.

ExampleDisplaying the uplink GE3/1 interface information.

giga-ethernet 3/1

MTU 1500 bytes
L3 in Switched: Octets: 636224362 bytes, ucast: 4338 pkt,
mcast: 1261737 pkt, bcast: 176 pkt
L3 out Switched: Octets: 754944 bytes, ucast: 4300 pkt, mcast:
0 pkt, bcast: 2954 pkt
The first line of the display above indicates that the GE3/1 interface has a
physical link which is active and the line protocol is up.
Configuring Secondary An L3 interface can have one primary IP address and up to 32 secondary IP
IP address addresses. Packets generated by the BBS 1000+ software always use the
primary IP address. Therefore, all routers and access servers should reside in
the same subnet as the primary IP address.
Hosts can determine subnet masks using the Internet Control Message Protocol
(ICMP) mask request message. Routers respond to this request with an ICMP
mask reply message.
You can disable IP processing on a particular interface by removing its IP

address with the no IP address command. Before deleting the primary IP
address, delete all the secondary IP addresses first. If the system detects
another host in the same subnet using one of the IP addresses of the IP
interfaces, it will display an error message on the console.
Secondary addresses are treated like primary addresses, except the system
does not generate a datagram using a secondary IP address as their source
address, other than routing updates with secondary source addresses. IP
broadcasts and Address Resolution Protocol (ARP) requests are handled
properly, as are interface routes in the IP routing table.
Secondary IP addresses can be used in a variety of situations. Two common

applications are described below:
Not enough host addresses available for the uplink IP network segment.

Configuring Layer 3 Interface Parameters 127
Figure 34 Secondary IP address Application on the Uplink Interface
Example: The uplink port GE3/1 primary IP address is 10.0.0.1/25, it's subnet
allows up to 126 hosts per logical subnet. But on one physical subnet there
are 200 hosts connected to BBS 1000+ via two L2 Switches. Using
secondary IP address 20.0.0.1/25 on GE3/1 allows the other hosts to have
two logical subnets using one physical subnet.
The application requires the downstream network to be divided into multiple
subnets.
Figure 35 Secondary IP address Application on a Super SVI
In the topology above, a Super SVI is configured on BBS 1000+. It has

member VLANs from VLAN 2-10, 20-30, and 133-165. In order to separate
PC into subnets the administrator plans that VLAN 2-VLAN 10 belong to
subnet 50.0.0.0/28, VLAN 20-VLAN 30 belong to subnet 60.0.0.0/28, and
VLAN 133-VLAN 165 belong to subnet 70.0.0.0/24. The primary IP address
of this Super SVI is configured as 50.0.0.1/28, secondary IP address as
60.0.0.1/28, and another secondary IP address as 70.0.0.1/24.

Configuring Routed A routed port is a physical port that performs like a port on a router. It does not
Port Interface need to be connected to a router. Routed ports are not associated with a
particular VLAN, as is an untagged port. A routed port behaves like a regular
router interface.
To configure a routed port it must be set to layer 3 mode by using the "no
switchport" command. Next an IP address is assigned to the interface and the
port is enabled using the "no shutdown" command.
On the BBS 1000+ system, only uplink ports (GE3/1-4) can be configured as
routed ports.
Example of Configuring
a Routed Interface
The PC is connected to BBS 1000+'s GE3/2 uplink port. A Routed Interface is

configured on GE3/2 to enable the PC and BBS 1000+ to establish an L3
communication link.
The procedures to create and remove a Routed Interface are described below.
Create a Routed Interface

1 Enter GE3/2 port's configuration mode.
2 Configure GE3/2 as a L3 interface.

BBS1000+(config-t-if-ge-3/2)# no switchport
3 Set the IP address for the GE3/2 interface.

BBS1000+(config-t-if-ge-3/2)# ip address 200.1.2.1
255.255.255.0
4 Enable the GE3/2 interface.

Configuring Switch Virtual Interface (SVI) 129
BBS1000+(config-t-if-ge-3/2)# no shutdown
5 Display the GE3/2 interface information.

giga-ethernet 3/2

MTU 1500 bytes
L3 in Switched: Octets: 54960 bytes, ucast: 417 pkt, mcast: 76
pkt, bcast: 0 pkt
L3 out Switched: Octets: 27528 bytes, ucast: 0 pkt, mcast: 74
pkt, bcast: 0 pkt
Remove the RI Interface

1 Re-configure the RI as a L2 switch port.
telnet@BBS1000+(config-t-if-ge-3/2)# switchport
2 Verify the change.

giga-ethernet 3/2
<Blank Screen Display>

GE: 3/2
Switchport: Enabled
Name: GE-10
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Enable
Link Status: Up
PVID: 1
Configuring Switch When packets communicate in L2, they can only be forwarded within the same
Virtual Interface (SVI) VLAN. In order for packets to be routed between different VLANs, L3
communication is required. BBS 1000+ uses SVI (Switched Virtual Interface) to
enable the BBS 1000+'s routing of packets between different VLANs.
By configuring a Switch Virtual Interface (SVI) one or more BBS 1000+ GE ports
can be configured in one VLAN. These GE ports become a virtual single
interface and can be assigned a single IP address to enable routing.
Only one SVI can be configured for each VLAN.

SVI is a L3 interface, the packet processing on an L3 interface includes L2

switching and L3 routing. L2 switching follows the same rule as described in
VLAN ID Processing in Unique-tag/Stack-tag Mode on page 170 and L3 routing
forwards the packets according to the routing table.
SVIs can be created by issuing the interface vlan command from the
configuration terminal command mode.
There are two situations when a GE port must to be configured as an SVI:

When packets exit the Uplink port as tagged packets, because Routed
Interfaces can only forward untagged packets.
When additional uplink connections are needed for backup.
Figure 36 SVI application uplink backup configuration
In the topology above, BBS 1000+ connects to the Internet via two ISPs. The
link between Uplink port GE3/1 and ISP1 is 1000M and always in working mode.
The link between Uplink port GE3/4 and ISP2 is 100M and is in backup mode.
When the 1000M link is down, the 100M link will take over. In this situation,
GE3/1 and GE3/4 must be configured as an SVI. The two GE ports are both
members of VLAN 500 and configured as a single L3 IP address.
Routed Interface (RI) are limited in that they can only be configured with one
interface, whereas with SVI multiple interfaces can be configured to extend the
GE port's interface range. For example in the topology above, uplink port GE3/1
is presently configured in SVI 1, but this port can be later added to another SVI if
needed.
The next section describes SVI configuration procedures.

Configuring Switch Virtual Interface (SVI) 131
Example of Configuring The network topology shown in Figure 36 above is used in this configuration
SVI example. A SVI is configured for BBS 1000+'s GE3/1 and GE3/4 ports, so that
L3 communication can be established between BBS 1000+ and an ISP.
Procedures to create and remove an SVI are described below.
Create a SVI
1 Create a VLAN and assign Gigabit-Ethernet port members to the VLAN.
2 Create an SVI based on VLAN 500 and then display VLAN 500 information.
telnet@BBS1000+(config-t-if-vlan-500)# show vlan 500
VLAN 500:
Name :
Tagged port(s) or group(s) :ge3/2,ge3/4
3 Assign an IP address to the SVI.

255.255.255.0
4 Enable the interface.

5 Display the SVI configuration information.

telnet@BBS1000+(config-t-if-vlan-500)# show interface vlan
500

MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
Remove the SVI

1 Return to the Configure Terminal command mode.
2 Remove the SVI.

telnet@BBS1000+(config-t)# no interface vlan 500
3 Verify the deleting.

Optionally, use the CLI command below to show all L3 interfaces. With this
command you can verify whether the SVI exists.
telnet@BBS1000+(config-t)# show ip interface brief
Configuring a Super In order for packets to be routed between different VLANs, L3 communication is
SVI required. BBS 1000+ uses Super SVI to enable routing of ONU packets
between different sub-VLANs. Sub-VLANs separate virtual broadcast domains
under Super SVI and share the same gateway. Therefore, Super SVI is an
aggregation technique for conserving IP address resources.
Super SVI is an L3 interface. First configure an SVI for one or more BBS 1000+
downlink GE ports. Then define the VLAN as a Super SVI. Last add ONU
VLANs as Super VLAN members.
Figure 37 Super SVI example
In the topology above, Super VLAN 600 has two sub-VLAN, one is VLAN 101
and the other is VLAN 133. The Super SVI's IP address (50.0.0.10/24) becomes
the gateway IP address of each of the CPE PCs. Downlink port GE1/1 and
ONU1 are members of VLAN 101. Downlink port GE1/2 and ONU2 are
members of VLAN 133. These two sub-VLANs separate virtual broadcast
domains under Super VLAN 600.
On the BBS 1000+ system, Super SVI can only be configured on the downlink
GE ports (GE1/1-4 and GE2/1-4).
Configuring a Super SVI 133
Configuring a Super SVI The network topology shown in Figure 37 above is used in this configuration
Example example. A Super SVI interface is configured for BBS 1000+ GE1/1 and GE1/2,
so that L3 communication can be established between BBS 1000+ and the two
PCs.
Procedures to create and delete a Super SVI Interface are described below.
Assum vlan 101 and vlan 133 have been configured.
Create a Super SVI

1 Create a VLAN.
telnet@BBS 1000+(config-t)# vlan 600
2 Assign ports GE1/1 and GE1/2 as tagged members of VLAN 600.

VLAN 600:
Name :
port(s) or group(s) :ge1/1-2
Tagged port(s) or group(s) :ge1/1-2
3 Create an SVI and assign its IP address.


255.255.255.0
4 Configure the SVI as a Super SVI.

5 Add SVI member interfaces to the Super SVI.

telnet@BBS1000+(config-t-if-vlan-600)#member-vlan 101-165
6 Enable the SVI.


telnet@BBS1000+(config-t-if-vlan-600)# show interface
super-vlan
Super Vlan id: 600

Member: 101-165


600
Super Vlan id: 600

Member: 101-164
MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
Delete the Super SVI Interface

1 Return to the Configuration Terminal command mode.
2 Remove the Super SVI.


Creating Layer 3 Link Layer 3 link aggregation ports can be created based on an SVI port or routed
Aggregation port. This section describes both configurations.
Interfaces
The steps for creating an L3 Link Aggregation port based on a SVI port are
listed below.
1 Create a Layer 2 VLAN.
2 Configure a SVI type interface.
3 Assign an IP address to this interface.
4 Based on this SVI, configure a LAG routed interface.
The steps for creating an L3 Link Aggregation port based on a GE routed port
are listed below.
1 Configure a Gigabit-Ethernet routed port.
2 Based on this Gigabit-Ethernet routed port configure a LAG routed interface.
Link Aggregation Application Description

Interface based on SVI When both L2 and L3 applications are required, configure the uplink as an SVI.
Example If the BBS 1000+'s uplink data rate will be higher than 1Gbps, use link
aggregation to increase the bandwidth.

Creating Layer 3 Link Aggregation Interfaces 135
Example Topology
Figure 38 L3 Link Aggregation port based on an SVI port
As shown in Figure 38, BBS 1000+ uplink ports GE3/1 and GE3/4 form Link
Aggregation Group 1, and its IP address is 60.0.0.10/24. The Cisco switch ports
g1/0/5 and g1/0/6 form Channel-group 1, and its IP address is 60.0.0.1/24.
Configuration Tasks The general tasks involved in configuring Link Aggregation Groups for SVIs are
1 Configure Link Aggregation Group 1
2 Configure a SVI Interface
3 Create an Ethernet SVI VLAN 600 on the Cisco switch
4 Connection Testing
Configure Link Aggregation Group 1

1 Create VLAN 600.
2 Create link aggregation 1.

telnet@BBS1000+(config-t-if-lg-1)# description "SVI"
NOTE: Link Aggregation Group 1 is created and added into VLAN

1 and PVID is 1.
3 Add link aggregation 1 to VLAN 600.

telnet@BBS1000+(config-t-if-lg-1)# add-to vlan 600 tagged
Add to VLAN 600 as TAGGED success
4 Add members of link aggregation 1.

telnet@BBS1000+(config-t-if-lg-1)# member ge3/1,ge3/4
NOTE: All the static MAC address and ACL rules associated with
interface ge3/1,ge3/4 have been cleared.
Configure a SVI Interface

1 Create a SVI based on VLAN 600, and assign its IP address.

255.255.255.0
2 Enable the SVI.

telnet@BBS1000+(config-t)# no shutdown
3 Display the SVI information.


MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
Create an Ethernet SVI VLAN 600 on the Cisco switch

1 Create an SVI on the g1/0/5 Cisco switch port.
3750(config-if)#channel-group 1 mode on
2 Create an SVI on the g1/0/6 Cisco switch port.

3750(config-if)#channel-group 1 mode on

3 Configure the SVI.

3750(config-if)# interface vlan 600
4 Configure port-channel 1.
3750(config)#interface port-channel 1
Connection Testing
Run the ping command from BBS 1000+.
telnet@BBS1000+# ping 60.0.0.1

seconds:
!!!!!
Removing all
configurations in this
example from BBS
1000+
1 Enter Configuration Terminal command mode.

2 Delete the Super SVI.

3 Delete the link aggregation.

4 Remove the VLAN members.

telnet@BBS1000+(config-t-vlan-600)# no member ge3/1,ge3/4
5 Delete the VLAN.

telnet@BBS1000+(config-t)# no vlan 600

Link Aggregation Application Description

Interface based on When only L3 applications are required, configure the uplink port as a Routed
Routed Interface Interface. If the BBS 1000+'s uplink data rate will be higher than 1Gbps, use link
Example aggregation to increase the bandwidth.
Example Topology
Figure 39 L3 LAG interface based on a Routed interface
As shown in Figure 39, BBS 1000+ uplink ports GE3/1 and GE3/4 form Link
Aggregation Group 2, and its IP address is 70.0.0.10/24. The upstream Cisco
switch ports, g1/0/5 and g1/0/6, form channel-group 1, and its IP address is
70.0.0.1/24.
Configuration Tasks The general tasks involved in configuring Link Aggregation Groups (LAG) for
Routed Interfaces are given below. After this task overview, detailed steps are
described for each task, using the topology example in Figure 39.
1 Create and Configure Link Aggregation Group 2
2 Create two Routed Interfaces
3 Assign Link Aggregation Group 2 members
4 Create Routed Interfaces on the Cisco switch
5 Test the connection from BBS 1000+
Create and Configure Link Aggregation Group 2

1 Create link aggregation group 2.
telnet@BBS1000+(config-t-if-lg-2)# description "ROUTED PORT"

and PVID is 1.

2 Configure the LAG as an L3 link aggregation interface and assign its IP address.
telnet@BBS1000+(config-t-if-lg-2)# no switchport
telnet@BBS1000+(config-t-if-lg-2)# ip address 70.0.0.1

255.255.255.0
3 Enable the L3 LAG interface.

telnet@BBS1000+(config-t-if-lg-2)# no shutdown
4 Display the LAG interface status information.

link-aggregation 2
Link aggregation 2 is up, line protocol is up

MTU 1500 bytes, BW 1000 Mbit
Half duplex, 0Mbit/s, link status is down
bcast: 0 pkt
bcast: 0 pkt
telnet@BBS1000+(config-t-if-lg-2)# exit
Create two Routed Interfaces

1 Create a Routed Interface on GE3/1.
2 Create a Routed Interface on GE3/4.

Assign Link Aggregation Group 2 members

1 Add members to LAG 2.
2 Display the LAG 2 status information.

telnet@BBS1000+(config-t)# show interface link-aggregation 2
Link aggregation 2 is up, line protocol is up

MTU 1500 bytes, BW 1000 Mbit
Full duplex, 1000Mbit/s, link status is up
L3 in Switched: Octets: 0 bytes, ucast: 180851484 pkt, mcast:
0 pkt, bcast: 0 pkt

L3 out Switched: Octets: 0 bytes, ucast: 26368 pkt, mcast: 0

pkt, bcast: 0 pkt

telnet@BBS1000+(config-t-if-lg-2)# exit
telnet@BBS1000+(config-t)# exit
Create Routed Interfaces on the Cisco switch

1 Create an RI on Cisco switch port g1/0/5.
3750(config-if)#no switch
3750(config-if)# channel-group 1 mode on
2 Create an RI on Cisco switch portg1/0/6.

3750(config-if)# no switch
3750(config-if)# channel-group 1 mode on
3 Configure channel group 1.

3750(config)#interface port-channel 1
Test the connection from BBS 1000+

telnet@BBS1000+# ping 70.0.0.1

seconds:
!!!!!
Deleting all
configurations from this
example on BBS 1000+
1 Enter the Link Aggregation Configuration command mode.

2 Reset the interface from Layer 3 to Layer 2 (switchport).

telnet@BBS1000+(config-t-if-lg-2)# switchport


Configuring MAC Address Table 141

Member list: ge3/1,ge3/4
PVID: 1

GE: 3/1
Switchport: Enabled
Name: GE-9
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Disable
Link Status: Down
PVID: 1
4 Delete the LAG.


Configuring MAC BBS 1000+ maintains a MAC Address Table for packet forwarding. Each table
Address Table entry includes a MAC address, a VLAN ID and a port number. The L2 table entry
can be either populated by the BBS switch hardware or manually created.
The L2 table entry can also be purged either by hardware-based or

software-based aging.
The dynamic entry created by the system is aged out in a configurable MAC age
time, which by default is 300 seconds. Manually created entries remain in the
table until manually deleted.
In the following situation, MAC table entries should be manually specified for the
device. When a designated subscriber device with a particular MAC address is
only allowed access a specific BBS 1000+ port in a VLAN ID.

MAC Address Table

Configuration
Commands
Table 14 Typical MAC Address Table configuration commands

Enter Configuration Terminal command mode
BBS1000+(config-t)#
Set dynamic MAC age time mac aging-time agetime
Remove all dynamic MAC address on one or more interface(s) no mac-address-table dynamic
Add a static MAC address on an interface mac-address-table static mac-address vlan vlanid
interface <interfaceType> <interfaceID>
Remove one static MAC address from a single vlan. no mac-address-table static mac-address vlan vlanid
Remove all static MAC address from a single VLAN. no mac-address-table static vlan vlanid
Remove all static MAC address on one or more interface(s) no mac-address-table static
Display the MAC address table. show mac-address-table [static]
Display dynamic MAC age time show running-config
Configuring Static MAC Application Description

Example PC1 is connected to BBS 1000+ via ONU1.In service VLAN 50, PC1 only can
access to BBS 1000+ from downlink port OLT1/1.

Example Topology
Figure 40 Static MAC Address Configuration Topology
ONU1 is bound to lport 1 of OLT1/1 and can be registered on BBS 1000+.
ONU2 is bound to lport 1 of OLT1/4 and can be registered on BBS 1000+
BBS 1000+ system is running in Mix-tag mode and OLT1/1 as well as
OLT1/4 are running in Stack-tag mode.
The IP addresses of PC1 and PC2 have been configured.
Configuration Tasks The general tasks involved in configuring Static MAC Address Configuration are
1 'Verify BBS 1000+'s System Running Mode and PON port mode
2 Configure Service VLAN 50
3 Configure a Static MAC Address Entry
4 Verify the Configuration
Verify BBS 1000+'s System Running Mode and PON port mode
telnet@BBS1000+(config-t)# show system
describion :[ePON]
sysName :BBS1000+
Tel:1(510)864-8800
Contact :John Smith

Inband TTL :128
Outband TTL :128
CPU type : MPC8250
telnet@BBS1000+#
telnet@BBS1000+(config-t)# show interface epon-olt 1/1

running-config
interface epon-olt 1/1

hec tx pas5001-n rx pas5001-n
no shutdown
oam-limit disable
vlan-mode stack-tag
dba algorithm plato

running-config

shutdown
oam-limit disable
vlan-mode stack-tag
dba algorithm plato
Configure Service VLAN 50

1 Create VLAN 50.
telnet@BBS1000+(config-t-vlan-50)# member ge1/1,ge1/4,ge3/1

untagged
2 Display VLAN 50.

VLAN 50:
Name :
port(s) or group(s) :ge1/1,ge1/4,ge3/1
Untagged port(s) or group(s) :ge1/1,ge1/4,ge3/1
3 Configure Uplink port GE3/1's PVID as 50.

4 Return to Configure Terminal Command mode.


5 Reconfigure ONU1's VLAN ID from 1 to 50.

6 Check ONU1's VLAN ID information.

1/1 onu 1 summary
-------------------------------------------------------------
authorized
ONU vlan id = 50
User ID = onu_2
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
7 Reconfigure ONU2's VLAN ID from 1 to 50.

8 Check ONU2's VLAN ID.

1/4 onu 1 summary
-------------------------------------------------------------
authorized
ONU vlan id = 50
ONU mac address = 00:07:ba:34:bd:d7
User ID = onu_12
RTT TQ = 0
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
Configure a Static MAC Address Entry

1 Add a Static MAC Address on BBS 1000+ by issuing the following command,
where:
00:0B:DB:0A:3F:78 is the MAC address of PC1
VLAN 50 is the service VLAN ID on BBS 1000+
1/1 is BBS 1000+'s GE port which connects with PC1.
telnet@BBS1000+(config-t)# mac-address-table static
00:0B:DB:0A:3F:78 vlan 50 interface gigabitEthernet 1/1
2 Display the MAC Address table.

telnet@BBS1000+(config-t)# show mac-address-table static
Interface Vlan MAC address

----------------------------------------
ge1/1 50 00:0b:db:0a:3f:78
Total Mac Addresses for this criterion: 1
telnet@BBS1000+-1(config)#
Verify the Configuration

1 Perform a Ping command on PC1's IP address to PC2's IP address.
From PC1:
c:\> ping 10.0.0.100

2 Reconnect PC1 from OLT1/1 to OLT1/4.

c:\> ping 10.0.0.100

Request timed out.
Request timed out.

Request timed out.

Request timed out.
Result Analyze
After configuring a static MAC table entry for PC1, PC1 only can access BBS
1000+ system via OLT1/1 in the VLAN 50.
Removing all the Delete the Static MAC Table Entry

example configurations
1 Remove the static MAC address entry.
telnet@BBS1000+(config-t)# no mac-address-table static
00:0B:DB:0A:3F:78 vlan 50
2 Display the static MAC address table.

telnet@BBS1000+(config-t)# show mac-address-table static
Delete Service VLAN 50

1 Reconfigure GE3/1's PVID from VLAN 50 to VLAN 1.
telnet@BBS1000+(config-t-if-ge-3/1)# pvid 1
2 Delete VLAN 50's members.

telnet@BBS1000+(config-t-vlan-50)# no member
ge3/1,ge1/1,ge1/4
3 Delete VLAN 50.

Restore ONU VLAN for ONU1 and ONU2.

Here take ONU1 as an exmple.
1 Reconfigure ONU1's VLAN ID from VLAN 50 to VLAN 1.

2 Check ONU1's VLAN ID information.

1/1 onu 1 summary
-------------------------------------------------------------
authorized
ONU vlan id = 1
User ID = onu_2
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
Configuring ARP ARPAddress Resolution Protocol is used to map an IP address to a MAC

address.
BBS 1000+ uses an ARP table to maintain the mapping of IP addresses to MAC
addresses. The fields of the ARP table are IP address, MAC address and
Interface Number, etc. An ARP table entry can be either dynamic or static. The
dynamic entry is automatically generated by the system, and the static entry is
specified manually. BBS 1000+ uplink ports support both dynamic and static
methods of generating ARP entries, but the downlink ports only support the
static method.
BBS 1000+ uses a host-route table to maintain the mapping between host IP
addresses and Interfaces. Host-route table entries can be created statically or
dynamically.
Dynamic ARP table entries are created when:

1 BBS 1000+ communicates with an upstream network device at Layer 3 or
above.
2 BBS 1000+ assigns IP addresses to downstream devices via DHCP.
In the following situation, the BBS 1000+ ARP table or host-route table must be
configured statically.
The PCs connected to the ONUs need L3 communication with the BBS
1000+ system. The IP addresses of the PCs are configured statically.

Configuring ARP 149
The ARP command is used to manage ARP tables and the host-route
command is used to manage host-route tables.
BBS 1000+ complies with the following ARP protocols listed below:
Address Resolution Protocol (ARP) specified by RFC 826.
Manual ARP binding and proxy ARP specified in RFC 1027 to facilitate
routing among clients.
ARP Configuring
Commands
Table 15 Typical ARP configuration commands

BBS1000+(config-t)#
Configuring ARP static items for GE ports, LAG, or VLAN. arp <ipaddr> <macaddr> interface giga-ethernet <module/port>
arp <ipaddrd><macaddr> interface link-aggregation linkID
arp <ipaddr> <macaddr> vlan vlanID {[member <ge<module/port>or
lg>] | [sub-vlan vlanID }
Configuring ARP age time. arp age-time <timer-in-seconds>
Remove ARP item no arp ip-address
Clear dynamic ARP entries for GE ports, LAG, or VLAN arp-flush interface giga-ethernet <module/port>
arp-flush interface link-aggregation lag-ID
arp-flush interface vlan vlanID
Configure an IP address as a static host route item for GE host-route ip-address interface giga-interface <module/port>
ports, LAG, or VLAN
host-route ip-address interface lag lag-ID
host-route ip-address interface vlan vlanID [subvlan subvlanid
member members]
Configuring network segments as static host route items host-route-summary <IP_start> <IP_end> interface giga-interface
for GE ports, LAG, or VLAN <module/port>
host-route-summary <IP_start> <IP_end> interface link-aggregation
lag-ID
host-route-summary <IP_start> <IP_end> interface vlan vlanID
[subvlan sub-vlanID member members]
Delete a host route item no host-route ip-address
Display host route information GE ports, LAG, or VLAN show host-route interface {giga-ethernet<module/port> |
link-aggregation linkID | vlan vlanID}
Display ARP information for GE ports, LAG, or VLAN show arp
show arp interface [giga-ethernet<module/port> | link-aggregation
linkID | vlan vlanID]

Configuring ARP Application Description

Example Only allow designated subscriber device PC1 and PC2 to access the BBS
1000+ system.
Example Topology
Figure 41 ARP Configuration Topology
BBS 1000+ is connected to subscriber devices on Super SVI. PC1 is connected

to BBS 1000+ by binding its MAC to a BBS 1000+ port and PC2 is connected to
BBS 1000+ via host-route binding.
ONU1 is bound to lport 1 of OLT1/1 and can register on BBS 1000+. ONU2 is
bound to lport 2 of OLT1/1 and can register on BBS 1000+.
The BBS 1000+ is running in Mix-tag and OLT port 1/1 running in stack-tag
mode.
Vlan 101 has been already configured for ONU1 with GE1/1 as a tagged
member and vlan 102 has also been already configured for ONU2 with
GE1/1 as a tagged member(ONU1' vlan id is 101 and ONU2's vlan id is 102).
IP addresses of PC1 and PC2 have been configured.
Configuration Tasks Configure Super SVI

Assum
1 Create VLAN 100, with GE1/1 as a tagged member.


Configuring ARP 151
VLAN 100:
Name :
2 Create an SVI based on VLAN 100 and assign an IP address to it.


255.255.255.0
3 Enable the SVI.

4 Configure the SVI as a Super SVI with members VLAN 101-102.

telnet@BBS1000+(config-t-if-vlan-100)# member-vlan 101-102

100
Super Vlan id: 100

Member: 101,102
MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
Add ARP entry for PC1

1 Before adding an ARP entry on BBS 1000+, issue a PING command from PC1
to the Super SVI's IP address on BBS 1000+.
c:\> ping 10.0.0.10

Request timed out.
Request timed out.

2 Add an ARP entry for PC1 by issuing the following CLI command, where:
10.0.0.99 is the IP address of PC1
00:0b:db:0a:3f:78 is the MAC address of PC1
VLAN 100 is the Super VLAN on BBS 1000+
Sub-vlan 101 is a member of the Super VLAN (ONU's VLAN ID)
GE1/1 is the GE port that PC1 connects to via ONU1.
telnet@BBS1000+(config-t)# arp 10.0.0.99 00:0b:db:0a:3f:78

3 Display the ARP table.


Expire(secs)
------------------+-----------------+--------+----------+----
10.0.0.99 00:0b:db:0a:3f:78 static Vlan101 -NA-
4 After adding the ARP entry, PING the Super SVI's IP address from PC1.
c:\> ping 10.0.0.10

Ping statistics for10.0.0.10:
Add a Host-route Entry for PC2

1 Before adding a host-route entry on BBS 1000+, issue a PING command from
PC2 to the Super SVI's IP address on BBS 1000+.
c:\> ping 10.0.0.10

Request timed out.
Request timed out.
2 Add a host-route entry for PC2 by issuing the following CLI command, where:
10.0.0.100 is the IP address of PC2
VLAN 100 is the Super VLAN on the BBS 1000+
Sub-vlan 102 is a member of the Super VLAN (ONU's VLAN ID)

Configuring ARP 153
GE1/1 is the GE port tha PC2 is connected to via ONU2

3 Display the host-route table.


------------------+-----------------+--------+-----------
10.0.0.99 00:0b:db:0a:3f:78 static(A) Vlan101
10.0.0.100 00:00:00:00:00:00 static(H) Vlan102
Since we added an ARP entry for PC1 in the pervious step, the system will
automatically generate a correlated static host-route entry.
Static(A) in the above display information means that this entry is statically
added via ARP command. Static(H) means this entry is statically added via
Host-route command.
4 After adding the Host-route entry, PING the Super SVI's IP address from PC2 to
verify the connection.
c:\> ping 10.0.0.10

Ping statistics for10.0.0.10:
Deleting All the Delete the ARP Entry

Configuration on the
BBS 1000+
1 Display the ARP table.

Expire(secs)
------------------+-----------------+--------+----------+----
10.0.0.99 00:0b:db:0a:3f:78 static Vlan101 -NA-
10.0.0.100 00:0f:1f:a0:56:62 dynamic Vlan102 337
Since we previously added a host-route entry for PC2, the system automatically
generated a correlated dynamic ARP entry.
2 Delete the static ARP entry.
telnet@BBS1000+(config-t)# no arp 10.0.0.99


Expire(secs)
------------------+-----------------+--------+----------+----
10.0.0.100 00:0f:1f:a0:56:62 dynamic Vlan102 337
The dynamic ARP entry can be deleted manually otherwise it will be aged out
automatically. The ARP entry aging time is the same as the MAC address aging
time. This aging time is configurable; the default value is 300 seconds.
3 Delete the dynamic ARP entry.
telnet@BBS1000+(config-t)# arp-flush interface vlan 100
Delete the Host-route Entry

1 Display the host-route table.

------------------+-----------------+--------+-----------
10.0.0.99 00:0b:db:0a:3f:78 static(A) Vlan101
10.0.0.100 00:0f:1f:a0:56:62 static(H) Vlan102
2 Delete the host-route entry.

telnet@BBS1000+(config-t)# no host-route 10.0.0.100
Delete the Super SVI

1 Delete the Super SVI.
2 Verify the deletion.

3 Delete VLAN 100.

telnet@BBS1000+ (config-t-vlan-100)# no member ge1/1
telnet@BBS1000+ (config-t-vlan-100)# exit

Configuring an IP Route 155
telnet@BBS1000+ (config-t)# no vlan 100
telnet@BBS1000+ (config-t)#
If the Super SVI is deleted first, the ARP and host-route tables will be
cleared by system automatically.
Configuring an IP When BBS 1000+ functions as a L3 switch, it maintains a routing table to

Route facilitate packet forwarding. It includes the destination IP address, subnet mask,
gateway address and metric. It can be dynamically created or manually
configured.
Dynamic routing entries include learned entries and direct entries.
Static routing entries are specified by the network administrator.
A default route can be configured for use when a matching routing table entry
does not exist. If a default route is not specified and the packet does not have a
matching route table entry, the packet will be discarded. In this situation an
ICMP packet is returned to the original host to report the error.
Metric
When there are two route entries between the equipment, use the metric
parameter to set the default route. The possible values are 1-255, with the
lowest number having the highest priority.
Figure 42 Metric Example
In the figure above, there are two routes between BBS 1000+ and subnet
4.4.4.0/24. The routing entries are specified as shown below:

Route1: IP route 4.4.4.0 255.255.255.0 1.1.1.2 100
Route2: IP route 4.4.4.0 255.255.255.0 2.2.2.2 10
Route 2 is the preferred route.
IP Route Configuring
Commands
Table 16 Typical IP Route configuration commands

BBS1000+(config-t)#
Create a static gateway ip route <subnet> <subnet-mask> <gateway><metric>
Remove a static gateway no ip route <subnet> <subnet-mask>
Specify a default gateway ip route <0.0.0.0> <0.0.0.0> <next-hop gateway-ip>
Related Show Command
Display all IP route information show ip route [ip-address] [subnet-mask]
Static IP Route Application Description

Configuration Example BBS 1000+ needs to access the server from different subnets via the Cisco
switch.

Example Topology
Figure 43 IP Route Topology
There are two links between BBS 1000+ and the Cisco switch. Link1 is from
BBS 1000+ uplink port GE3/2 to Cisco switch port g1/0/7; Link2 is from uplink
port GE3/3 to g1/0/8. The Cisco switch connects to the server via g1/0/6.
Configuration Tasks Create two Routed Interfaces on BBS 1000+.

1 Create a Routed Interface on BBS 1000+ uplink port GE3/2.
2 Assign an IP address to the RI port and enable it.

255.255.255.0

giga-ethernet 3/2
3 Create a Routed Interface on BBS 1000+ uplink port GE3/3.

4 Assign an IP address to the RI port and enable it.

255.255.255.0

giga-ethernet 3/3
5 Display the IP interface information.

ifIndex name speed MTU

-----------------------------------------------------
1 GE-1 1000 1500
2 GE-2 1000 1500
3 GE-3 1000 1500
4 GE-4 1000 1500
5 GE-5 1000 1500
6 GE-6 1000 1500
7 GE-7 1000 1500
8 GE-8 1000 1500
9 GE-9 1000 1500
10 GE-10 1000 1500
11 GE-11 1000 1500
12 GE-12 1000 1500
-----------------------------------------------------
MTU 1500 bytes
L3 in Switched: Octets: 0 bytes, ucast: 497688732 pkt, mcast:
MTU 1500 bytes
L3 out Switched: Octets: 9 bytes, ucast: 2565027852 pkt,
Configure a Gateway on BBS 1000+

1 Create a static IP Route to the server by issuing the following CLI command,
where:
4.4.4.0 255.255.255.0 is the Server's network segment
1.1.1.2 is the Gateway IP address on Cisco 3750 for BBS 1000+ GE3/3
Routed interface.

telnet@BBS1000+(config-t)# ip route 4.4.4.0 255.255.255.0

1.1.1.2
2 Configure the default Gateway.

3 Display the gateway configuration

telnet@BBS1000+(config-t)# show ip route
Codes: C - connected, S - static, R - RIP, B - BGP

O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external
type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
S 0.0.0.0/0.0.0.0 via 2.2.2.2
C 1.1.1.0/255.255.255.0 directly connected,
GigabitEthernet3/3
C 2.2.2.0/255.255.255.0 directly connected,
GigabitEthernet3/2
S 4.4.4.0/255.255.255.0 via 1.1.1.2
Create three Routed Interfaces on the Cisco switch

1 Login to the Cisco switch.
3750>enable
Password:******
Enter the following configuration commands, one per line. End by pressing
CTRL+Z.
2 Create a Routed Interface on Cisco switch port g1/0/8.

3 Assign an IP address to the port.

3750(config)#exit
3750#
4 Display the routed interface information.

3750#show ip interface giga-ethernet 1/0/8
GigabitEthernet1/0/8 is up, line protocol is up
Internet address is 1.1.1.2/24

Broadcast address is 255.255.255.255

Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
...screen output truncated...

Enter configuration commands, one per line. End with CNTL/Z.
3750(config)#interface giga-ethernet 1/0/6
3750(config)#

3750(config)#interface giga-ethernet 1/0/7
3750(config)#
Server Configuration
1 On the Cisco switch add an ARP table entry for the server.
Use the following CLI command to add the ARP entry, where:
4.4.4.10 is the server IP address.
00:0f:1f:a0:56:62 is the server MAC address.
3750(config)# arp 4.4.4.10 00:0f:1f:a0:56:62 arpa
2 Configure the Server IP address.

Set the server IP address to 4.4.4.10/24 and its gateway to 4.4.4.2.

Verify the static IP Route configuration

Disable Link1, and then run a ping command from BBS 1000+ to the server IP
address.
1 Disable the connection between GE3/2 and g1/0/7.

telnet@BBS1000+(config-t-if-ge-3/2)# shutdown
2 From BBS 1000+ PING the server's IP address.


seconds:
!!!!!
The successful Ping result indicates that BBS 1000+ used the static IP route to
forward packets.
Verify the default IP Route configuration
Disable Link2, and then run a ping command from BBS 1000+ to the server IP
address.
1 Disable connection between GE3/3 and g1/0/8.

2 From BBS 1000+ PING the server's IP address.


seconds:
!!!!!
The successful Ping result indicates that BBS 1000+ used the default IP route to
forward packets.
Removing All the Delete the host-routes

Example Configurations telnet@BBS1000+(config-t)# no host-route 2.2.2.2
on BBS 1000+

Delete the IP Routes

telnet@BBS1000+(config-t)# no ip route 4.4.4.0 255.255.255.0
telnet@BBS1000+(config-t)# no ip route 0.0.0.0 0.0.0.0
telnet@BBS1000+(config-t)# show ip route
Delete the RI interfaces

ifIndex name speed MTU

-----------------------------------------------------
1 GE-1 1000 1500
2 GE-2 1000 1500
3 GE-3 1000 1500
4 GE-4 1000 1500
5 GE-5 1000 1500
6 GE-6 1000 1500
7 GE-7 1000 1500
8 GE-8 1000 1500
9 GE-9 1000 1500
10 GE-10 1000 1500
11 GE-11 1000 1500
12 GE-12 1000 1500
-----------------------------------------------------
Configuring Port You can monitor traffic on GEPON BBS 1000+ ports by configuring another port
Mirror to "mirror" the traffic on the ports to be monitored. By attaching a protocol
analyzer to the mirror port, you can observe the traffic on the monitored ports.
Restrictions on
Monitoring Sessions
1 The destination interface must be a single interface not a group of interfaces.

Also the destination interface cannot be one of the source interfaces.
2 Monitoring Sessions can be categorized into two types:
Current Monitoring Session
Buffered Monitoring Session (a configured session, which is not running
on the system yet)
Configuring Port Mirror 163
3 The system can only have one running session at a time.

4 Only one buffered session can be be configured per CLI telnet session.
5 A buffered session must be manually activated, after stopping the currently
running session
6 A Current Monitoring session can be deactivated when no longer needed.
Port Mirror Configuring

Commands
Table 17 Typical port mirroring commands

BBS1000+(config-t)#
Configure port based mirroring of the source interface specifying monitor session sessionID source interface gigabitEthernet
the traffic direction to monitor. interfaceList {both | rx | tx}
Configure port based mirroring of the destination interface to monitor session sessionID destination interface
monitor. gigabitEthernet interface
Activate/Deactivate the mirroring source and destination monitor session sessionID {activate | deactivate}
configuration to interface(s).
Stop mirroring both source and destination ports no monitor session
Display monitor session in the system. show monitor session
Port Mirror Configuring The following steps describe how to set up a monitor session:
Procedures
1 Configure the monitor session source.
2 Configure the monitor session destination.
3 Verify the monitor session.
4 Activate the monitor session.
5 If required another monitor session can be set up. This session is stored in the
buffer for future activation.
6 Verify the monitor session.
Configuring Port Mirror Application Description

Example BBS 1000+ is operating in L2 switch mode and it's uplink port GE3/1 is
experiencing some abnormalities. GE3/3 will be configured as a Port Mirror to
monitor the GE3/1 port. Bi-directional data on GE3/1 will be monitored.

Example Topology
Figure 44 Port Mirror Topology
1 ONU is bound to lport 5 on OLT1/1 and can successfully register on BBS 1000+.
2 The VLAN BASE ID is 101 (the default).
3 PC1 and PC2's IP addresses are already configured.
Configuration Tasks Configure Service VLAN 105

1 Create VLAN 105 with GE3/1 as a untagged member.
In this example, assum GE1/1 has already been a tagged member of vlan
105
2 Display the VLAN information.
VLAN 105:
Name :PON 5
3 Configure a PVID for GE3/1.

4 Display the GE3/1 switch port information.

telnet@BBS1000+(config-t-vlan-105)# show interface
GE: 3/1
Switchport: Enabled
Name: GE-9
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Enable
Link Status: Up
PVID: 105

Set up a Monitoring Session on BBS 1000+

1 Configure the monitoring session source port.
BBS1000+(config-t)# monitor session 1 source interface
gigabitEthernet 3/1 both
BBS1000+(config-t)# show monitor session
Session 1
-----------
Source receive interfaces :
Source transmit interfaces :
Destination interfaces :
buffered Session 1
---------------------
Source receive interfaces :ge3/1
Source transmit interfaces :ge3/1
2 Configure the monitoring session destination (mirror) port.

BBS1000+(config-t)# monitor session 1 destination interface
gigabitEthernet 3/3
Session 1
-----------

buffered Session 1
---------------------
Destination interfaces :ge3/3
3 Activate Monitor Session 1.

telnet@BBS1000+(config-t)# monitor session 1 activate
telnet@BBS1000+(config-t)# show monitor session
Session 1
-----------
buffered Session 1
---------------------
Send some data between PCs to monitor

1 From both PC1 and PC2 send a ping command to the opposite PC.
From PC1:
c:\> ping 10.0.0.100
From PC2:
c:\> ping 10.0.0.10
Check the protocol analyzer connected to the mirror port to verify the source
port condition.
Deleting All Example Deactivate the Monitoring Session 1

Configurations on BBS BBS1000+(config-t)# show monitor session
1000+
Session 1
-----------
buffered Session 1
---------------------
BBS1000+(config-t)#
BBS1000+(config-t)# monitor session 1 deactivate
Session 1
-----------

buffered Session 1
---------------------
BBS1000+(config-t)#
Delete Monitor Session 1

BBS1000+(config-t)# no monitor session
Session 1
-----------
buffered Session 1
---------------------
BBS1000+(config-t)#

VLAN MANAGEMENT
6
VLAN Introduction GEPON BBS 1000+ supports up to 4094 VLAN IDs (1 to 4094)
In Unique tag handling mode, each BBS 1000+ subscriber is assigned to a

unique VLAN, and in Mix-tag stack-tag mode, all BBS 1000+ subscribers are
assigned to the default VLAN(VLAN ID = 1). To prevent flooding, broadcast
frames sent to subscribers are only allowed within the VLAN domain, and are
blocked at the layer 2 broadcast domain.
Now we support auto-forwarding VLAN only. Auto-forwarding VLAN means all

the ports in that VLAN behaves auto-forwarding. VLAN 1 is always an
auto-forwarding VLAN at all time.
Layer 2 Port-Based GE port VLAN

VLANs By default BBS 1000+ Gigabit Ethernet switch ports (GE1/1-4,GE2/1-4,
GE3/1-4) are assigned to VLAN ID 1. These ports are all untagged.
Restrictions for Layer 2 VLAN Management

1 When adding a port to a VLAN, the port can be configured as a tagged or
untagged port. Once the tagged or untagged attribute is configured, it cannot be
changed. To change the port tagged/untagged attribute, it must be removed
from the VLAN first and then recreated using the appropriate VLAN tag attribute.
2 A L2 port can belong to many VLANs. When assigning a PVID to a L2 port, the
PVID has to be one of the L2 port's VLAN IDs. For example, if a L2 port belongs
to VLAN 100, VLAN 200 and VLAN 300, then either 100, 200 or 300 can be
chosen as the L2 port's PVID.
3 When a L2 port is removed from a VLAN, the port's PVID will be automatically
changed to another VLAN if the port has the same ID as the one of the VLAN
the port is to be removed from.

170 Chapter 6: VLAN Management
For example in VLAN Management, the GE1/1 port PVID is 10, therefore when
removing GE1/1 from VLAN 10, the GE1/1 port PVID will be changed to 1 (the
default VLAN ID).
Figure 45 VLAN Management
4 VLAN 1 is the default VLAN for each L2 port, (GE1/1-4, GE2/1-4, GE3/1-4) and
cannot be removed or configured.
Any L2 port can be an untagged member of many different VLANs. But this
configuration can cause packet forwarding problems, therefore it is not
recommended.
VLAN ID Processing in VLAN IDs are processed by both the BBS 1000+ and ONU. Internal BBS 1000+
Unique-tag/Stack-tag packets are always tagged. Any incoming untagged packets are tagged first at
Mode the ingress port before they are processed by BBS 1000+.
Each successfully registered ONU is assigned a VLAN ID. VLAN ID processing

in the L2 packet forwarding process is described below.
ONU Forwarding Rules For L2 Data Packets in Unique-tag Mode

When an upstream untagged packet from the PC is received by the ONU, the
ONU assigns the packet the ONU's VLAN ID. The ONU then forwards the
packet to the OLT.
When an upstream tagged packet from the PC is received by the ONU, the
ONU compares the tagged packet's VLAN ID and with its own VLAN ID, and
performs one of the following operations:
If the VLAN IDs match, the ONU forwards it to the OLT.
If the VLAN IDs do not match, the ONU discards the tagged packet
upstream.
When a downstream tagged packet from the OLT is received by the ONU,
the ONU compares the tagged packet's VLAN ID and with its own VLAN ID,
and performs one of the following operations:
VLAN Introduction 171
If the VLAN IDs match, the ONU strips the VLAN ID from the packet and
forwards it downstream.
If the VLAN IDs do not match, the ONU discards the tagged packet
downstream.
When a downstream untagged packet from the OLT is received by the ONU,
the ONU discard the packet downstream.
ONU Forwarding Rules For L2 Data Packets in Stack-tag Mode

When an upstream untagged packet from the PC is received by the ONU, the
ONU assigns the packet the ONU's VLAN ID. The ONU then forwards the
packet to the OLT.
When an upstream tagged packet from the PC is received by the ONU, the
ONU forwards the packet to the OLT.
When a downstream tagged packet from the OLT is received by the ONU,
the ONU compares the tagged packet's VLAN ID and with its own VLAN ID,
and performs one of the following operations:
If the VLAN IDs match, the ONU strips the VLAN ID from the packet and
forwards it downstream.
If the VLAN IDs do not match, the ONU forwards the tagged packet
downstream.
When a downstream untagged packet from the OLT is received by the ONU,
the ONU forwards the packet downstream.
BBS 1000+ Ingress Port Forwarding Rules for L2 Data Packets

If a downstream untagged packet is received by a BBS 1000+ port
(GE3/1-4), the packet will be assigned the port's PVID.
If a downstream tagged packet is received by a BBS 1000+ port (GE3/1-4), it
will be forwarded according to the port's configuration, as described below:
If the uplink port's (GE3/1-4) Ingress filter function is enabled, only those
packets belonging to the uplink port's VLANs will be forwarded. Other
If the uplink ports' (GE3/1-4) Ingress Filter function is not enabled, all
packets with VLAN IDs listed in the BBS 1000+ VLAN table will be
forwarded, regardless of whether the port is a member of the VLAN or
not. Other packets will be discarded.
All upstream packets received by BBS 1000+ are sent from the ONU and are
already tagged.
BBS 1000+ Egress Port Forwarding Rules for L2 Data Packets
If an egress port is a tagged member of a VLAN, the packet exits this port
with its original VLAN tag.


If an egress port is a untagged member of a VLAN, the packet exits this port
with its VLAN tag stripped.
ONU VLAN Management ONU Default VLAN

When a new ONU is registered on the network, its VLAN ID assignment is
handled differently depending on which system mode is running.
Table 18 VLAN Assignment in ONU Registration for the Four Running Modes
Running Mode ONU's VLAN ID Note

Unique-tag handling mode Unique VLAN ID Based on VLAN_ID_Base parameter,
default is 101.
Transparent handling mode 0
Stack-tag handling mode 1
QinQ handling mode 1
Especially VLAN ID Assignment in Unique-tag Running Mode

Each downlink GE port (GE1/1-4, GE2/1-4) is assigned 64 tagged VLANs.
When an ONU is registered, it is also assigned as a member of one of these 64
VLANs. The VLANs assigned to each downlink GE port are listed in Table 4.
Table 19 VLAN ID Assignment
Downlink GE1/1 GE1/2 GE1/3 GE1/4 GE2/1 GE2/2 GE2/3 GE2/4

GE Port
101-16 165-22 229-29 293-35 357-42 421-48 485-54 549-612
VLAN IDs 4 8 2 6 0 4 8
After the lport is assigned, each ONU is assigned to a unique VLAN. A unique
VLAN ID is assigned based on the VLAN ID base, which by default is 101.
There are either 4 or 8 OLT ports on the BBS 1000+ depending on the
configuration. Each OLT port is connection to each downlink GE port. Each
downlink GE port can support up to 64 ONUs, thus there are 64 default VLANs
for each downlink GE port. The first downlink GE port can assign VLAN IDs
between 101 and 164, the ONU get its VLAN ID based on the formula below:
VLAN ID = VLAN_ID_base -1 + ((PON_port_number -1) X 64) + lport_number
Where:
The VLAN ID base is configurable (default is 101).
The PON port number can be 1 to 8. (OLT1/1 = 1; OLT1/2 = 2; ... OLT2/4 = 8)
The lport number can be 1 to 64.

VLAN Introduction 173
Valid VLAN IDs are 1 to 4094 with the exception of 1006 to 1261 (inclusive)
which are reserved. The valid values for the configurable VLAN_ID_base can be
between 2 and 494 and between 1262 and 3583
Example for setting VLAN_ID_base:
telnet@BBS1000+(config-t)# pon-sys vlan-id-base <2-4094>
Especially ONU VLAN ID Reconfiguring in Stack-tag Mode and QinQ

Running Mode
In Stack-tag mode or QinQ running mode, ONU can be assigned to different
VLAN ID by entering onu-vlan CLI command under OLT Configure mode.
The following example is to modify the ONU VLAN ID under stack-tag running
mode.
Example: BBS 1000+ is running in stack-tag running mode. Reconfigure ONU1

as the members of VLAN 10.
In stack-tag running mode, ONUs are assigned to default VLAN, VLAN ID is 1.
telnet@BBS1000+(config-t-if-olt-1/1)# show inter epon-olt 1/1

onu su
-------------------------------------------------------------
Name = ONU-1
authorized
ONU vlan id = 10
ONU mac address = 00:07:ba:34:bd:e7
User ID = onu_1
RTT TQ = 0
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
In transparent running mode, ONU will do nothing to VLAN ID, it is not

necessary to modify ONU's VLAN ID in transparent running mode.
In Unique-tag running mode, ONU is assigned to a unique VLAN ID. As above

section descriped, ONU VLAN ID is assigned based on the VLAN ID base.
When user enters onu-vlan CLI command in the Unique-tag running mode, an
error message will be displayed on the screen.
Error: This command is forbidden under unique-tag mode
VLAN Layer 2
Configuration Tasks
Table 20 Typical layer 2 VLANconfiguration commands

BBS1000+(config-t)#
Create a VLAN under Configuration Terminal command vlan {vlan-id}[name {vlanname}]
mode.
Remove a VLAN under Configuration Terminal command no vlan vlan-id
mode
Enter VLAN(i.e. VLAN 10) configuration command mode.
BBS1000+(config-t)#vlan 10
BBS1000+(config-t-vlan-10)#
Add Member into VLAN(i.e. VLAN 10) member <member -list> {tagged | untagged}
Remove Member from VLAN(i.e. VLAN 10) no member member-list
Set PVID(i.e. VLAN 10) pvid member-list
Reconfigure ONU's VLAN ID when BBS1000+ is in stack-tag BBS1000+# configure terminal
running mode.
BBS1000+(config-t)# interface epon-olt 1/2
BBS1000+(config-t-if-olt-1/2)#
onu-vlan lport id vlan-id
Show VLAN(s) in the system. show vlan [vlan id]
VLAN Layer 2 The typical steps for creating a VLAN are listed below:
Management
Procedure
1 Create an empty VLAN by specifying the VLAN ID (value from 1 to 4094 with the
exception of 1006 to 1261 (inclusive) which are reserved), and optionally assign
it a VLAN name.

VLAN Creation Example 175
2 Add tagged and untagged members to the VLAN.

The steps for removing an unneeded VLAN are listed below:

1 If any port's PVID is equal to the VLAN ID to be removed, then the port's PVID
must be changed to a different PVID.
2 Remove the VLAN members.
3 Delete the VLAN.
4 Display all VLANs to verify that the VLAN was deleted.
VLAN Creation
Example
Application Description The PC is connected BBS 1000+ uplink port GE3/1 and the Switch is connected
to BBS 1000+ uplink port GE3/2. Both GE3/1 and GE3/2 are assigned to VLAN
100, which is a data VLAN.
Example Topology Figure 46 VLAN Creation Topology
BBS 1000+ is running in stack-tag mode .
Configuration Tasks Create a VLAN.

BBS1000+(config-t)#
2 Create VLAN 100, named vlan-100.

BBS1000+(config-t)# vlan 100 vlan-100
3 Display all VLANs information.

BBS1000+(config-t-vlan-100)# show vlan

--------+---------------+-----------------------+------------
100 vlan-100
Add Members to the VLAN

1 Add GE1/1 as a tagged member and GE3/1 as an untagged member of VLAN
100.
BBS1000+(config-t-vlan-100)# member ge3/1 untagged
The PC is connected to uplink GE port 3/1 directly, so GE3/1 should be

added to VLAN 100 as an untagged member.
VLAN 100:
Name :vlan-100
Configure the Interface PVID

1 Set GE3/1's PVID as 100.
BBS1000+(config-t-vlan-100)# pvid ge3/1
2 Display GE3/1 switch port information.

BBS1000+(config-t-vlan-100)# show interface giga-ethernet 3/1
switchport
GE: 3/1
Switchport: Enabled
Name: GE-9
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Enable
Link Status: Down
PVID: 100
Deleting the Example Reconfigure the port's PVID

Configuration on BBS
1000+
VLAN Creation Example 177
VLAN 100:
Name :vlan-100
2 Display GE3/1 switch port information.

BBS1000+(config-t-vlan-100)# show interface giga-ethernet 3/1
switchport
GE: 3/1
Switchport: Enabled
Name: GE-9
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Enable
Link Status: Down
PVID: 100
3 Reconfigure GE3/1port's PVID.

telnet@BBS1000+(config-t-if-ge-3/1)# pvid 1
Delete Members from the VLAN

1 Enter the VLAN Configuration command mode.
BBS1000+(config-t)# vlan 100
2 Delete members from this VLAN.

BBS1000+(config-t-vlan-100)# no member ge3/1
BBS1000+(config-t-vlan-100)# no member ge1/1

VLAN 100:
Name :vlan-100
port(s) or group(s) :

Delete a VLAN
After you remove member ports from the VLAN, then the VLAN can be deleted.
Any VLAN without current members can be deleted, with the exception of VLAN
1which is the default VLAN for all ports.
1 Display all VLAN information.

BBS1000+(config-t-vlan-100)# show vlan

--------+---------------+-----------------------+------------
100 vlan-100

BBS1000+(config-t-vlan-100)#exit
BBS1000+(config-t)#
3 Delete VLAN 100.

BBS1000+(config-t)# no vlan 100
4 Display all VLAN information to confirm that the VLAN was removed.

--------+---------------+-----------------------+------------
BBS1000+(config-t)#

CONFIGURING GEPON FEATURES
7
This chapter describes all PON configurations.
PON system configuration

Mainly introduce how to configure ONU's local authentication
OLT related configuration parameters
OLT and ONU DBA configuration
ONU Policy Configuration
ONU Management
PON system MAC address table
PON System
Configuration
PON System Parameters The PON system configurations include the following parameters:
Authentication Mode: Local authentication or remote authentication

VLAN ID Base
ONU authentication timeout (For remote authentication)
System MAC Address Table aging time
PON System parameters are described in Table 21.

Table 21 PON system parameters
PON System Description Default Value

local-authentication ONU authentication is obtained from the local Enabled
database or from a RADIUS server.
When Disabled, RADIUS server configuration is
required.
sla-synchronization Indicates that the PON system local SLA (Service Disabled
Level Agreement) is synchronized with RADIUS
server authentication.
lport-strict-binding when enable, if ONU need register, its mac Enabled
should exactly match to SLA DBA configuration
vlan-id-base VLAN ID Base used as a starting VLAN ID for 101
downstream ONUs.

180 Chapter 7: Configuring GEPON Features
Table 21 PON system parameters (continued)
PON System Description Default Value

remote-mgmt ONU remote authentication timeout 10 seconds
onu-authentication
time-out
mac-addr-aging-time Sets the aging time for the PON system MAC 300 seconds
address table
Remote-mgmt onu-authentication time-out is described in the section

Special Parameters for ONU Re-authentication on page 245.
The mac-addr-aging-time parameter is described in the PON System MAC

Address Table on page 236
To check the PON system configuration, use the following CLI command:(In
Unique-tag running mode)
telnet@BBS1000+(config-t)# show pon-sys
PON system global parameters:

vlan base id for ONU = 101
local sla authentication = enabled
local sla sync with radius server = disabled
local logical port strict binding = enabled
MAC Address Aging Timer = 300 seconds
remote-mgmt onu-authentication time out = 10
User Authentication There are two types of BBS 1000+ users: CLI and ONU. Each of them can be
Method authenticated locally or remotely.
Local authentication of CLI users is explained in Chapter 15 System

Administration. There are two types of ONU local authentication, one for ONUs
with lport binding enabled and the other for ONUs with lport binding disabled.
For remote authentication details, refer to chapter Configuring GEPON Features

on page 179.

Configuring ONU's Local Authentication 181
Authentication
Configuring Commands
Table 22 Authentication Configuring Commands

BBS1000+(config-t)#
Enable/disable ONU/CLI user local authentication pon-sys local-authentication {enabled | disabled}
Enable/disable SLA synchronization pon-sys sla-synchronization {enabled | disabled}
Enable/disable Lport binding with ONU MAC address pon-sys lport-strict-binding {enabled | disabled}
Set the VLAN ID Base. pon-sys vlan-id-base {2-494 | 1262-3583}
Enter Configure ONU(ONU1/2/3) command mode
BBS1000+(config-t-if-olt-1/2)# onu 3
BBS1000+(config-if-onu-1/1/3)#
Configure ONU MAC and Lport binding from the ONU dba-sla mac mac-addr
command mode
Remove ONU MAC and Lport binding dba-sla mac 0:0:0:0:0:0
Display the PON system configuration show pon-sys
Display the MAC address table under PON port(s). show interface epon-olt [module/port] mac-address-table
Configuring ONU's Before configuring BBS 1000+ ONU's local authentication, the following
Local Authentication concepts should be noted:
1 ONU Lport (Logical Port) Assignment
2 ONU Registration Process
3 VLAN ID Assignment in Unique-tag running mode
ONU Lport (Logical Port) Each of the BBS 1000+'s downlink ports, referred to hereafter as PON ports,
Assignment can connect with up to 64 ONUs. Since these 64 ONUs are connected to the
same physical PON port, the individual ONUs are assigned to one of the PON
port's 64 logical ports (lports). For assigning ONU and PON port connections,
the BBS 1000+ system uses a binding table. The table sets a mapping
relationship between ONU MAC addresses and individual lports. The binding
table is user defined, enabling the lports to be assigned statically.
When lport binding is activated (the default), as each ONU is registered it is

assigned to a specific lport number. This lport number is specified in the binding
table based on the ONU's MAC address.

When lport binding is deactivated, as each ONU is registered it is assigned the

lowest available lport number. For example, the first ONU to be registered on a
PON port is assigned lport number "1". If this ONU goes offline and other ONUs
are registered in the meantime, then when this ONU comes back online it will be
given another lport number (the next lowest available lport number).
To facilitate ONU maintenance especially in regards to VLAN assignment, lport

binding is recommended.
ONU Registration By default, Logical Port (lport) to MAC address binding is enabled.
Process
When an ONU is connected to the BBS 1000+ and powered on, it goes through
the following registration process:
1 The OLT assigns the ONU a Logical Link ID (LLID).
2 The pre-configured lport number is obtained from the binding table.
3 This lport number is assigned to the ONU.
4 The VLAN ID and other attributes are assigned to the ONU.
Upon successful completion of the registration, each ONU connected to an

individual PON port is assigned a unique lport number.
For a list of other attributes assigned in step 4 above, refer to Return List on the
Radius Server on page 248.
VLAN ID Assignment in Each downlink GE port (GE1/1-4, GE2/1-4) is assigned 64 tagged VLANs.
Unique-tag running When an ONU is registered, it is also assigned as a member of one of these 64
mode VLANs. The VLANs assigned to each downlink GE port are listed in Table 23.
Table 23 VLAN ID Assignment (Based on a VLAN ID Base of 101)
Downlink GE1/1 GE1/2 GE1/3 GE1/4 GE2/1 GE2/2 GE2/3 GE2/4

GE Port
VLAN IDs 101-164 165-228 229-292 293-356 357-420 421-484 485-548 549-612
After the lport is assigned, each ONU is assigned to a unique VLAN. A unique
VLAN ID is assigned based on the VLAN ID base, which by default is 101.
There are either 4 or 8 OLT ports on the BBS 1000+ depending on the
configuration. Each OLT port is connected to a separate downlink GE port. Each
downlink GE port can support up to 64 ONUs, thus there are 64 default VLANs
for each downlink GE port. The first downlink GE port can assign VLAN IDs
between 101 and 164, the ONU get its VLAN ID based on the following formula:
VLAN ID = VLAN_ID_base -1 + ((PON_port_number -1) X 64) + lport_number
Where:

The VLAN ID base is configurable (default is 101). Possible Value: 2-494 and
1262-3583
The PON port number can be 1 to 8. (OLT1/1 = 1; OLT1/2 = 2; ... OLT2/4 = 8)
The lport number can be 1 to 64.
Valid VLAN IDs are 1 to 4094 with the exception of 1006 to 1261 (inclusive)
which are reserved. The valid values for the VLAN ID base can be between 2
and 494 and between 1262 and 3583.
VLAN ID Assignment in Either all downlink GE ports (GE1/1-4, GE2/1-4) or all uplink GE ports(GE3/1-4)
Stack-tag running mode are the untagged members of default vlan 1.
ONU's Local Application Description

Authentication Example According to the network plan, service VLAN 10 is assigned to ONU1 and VLAN
15 to ONU2. Activate local authentication's lport binding function, register ONU1
and ONU2 successfully. Assum the BBS1000+ is running in Unique-tag mode.
Example Topology
Figure 47 Local ONU Authentication
As shown in Figure 47, BBS 1000+'s downstream OLT1/1 port connects with
ONU1 and ONU2 through a splitter. In this example, BBS 1000+'s local
authentication's lport binding function is enabled and the VLAN ID Base is set to
10.
Configuration Tasks The general tasks involved in configuring local ONU authenticatin are given
1 Configure PON System Parameters
2 Configure the ONU's MAC and PON's lport binding

3 Activate the OLT port and the lport binding
Configure PON System Parameters

1 Enable local authentication for ONU users.
telnet@BBS1000+(config-t)# pon-sys local-authentication
enable
2 Enable lport binding.

telnet@BBS1000+(config-t)# pon-sys lport-strict-binding
enable
3 Set the VLAN ID Base to 10.

telnet@BBS1000+(config-t)# pon-sys vlan-id-base 10
Warning: save and reboot system to take effect for vlan id

base modification. Verify the PON system configuration.
4 Display the PON system configuration.


5 Enter the Configuration Management command mode.


success
7 Reboot the system.

Configure the ONU's MAC and PON's lport binding

There are 64 lports in each OLT downlink port (OLT1/1-4, OLT2/1-4). ONUs
network requirements. Since the VLAN ID is based on the lport assignment, the

ONU's lport number can be derived from the planned VLAN ID. In this example,
ONU1 is in VLAN 10 therefore its logical port will be lport1 of GE1/1, and ONU2
planned VLAN ID is 15, so its logical port will be lport6 of GE1/1.
1 Enter the Configuration Terminal command mode.

mode.
In the following command "onu 1" is the same as OLT 1/1's lport 1. To assign the
ONU lport 5, the command would be "onu 5".
The ONU's MAC address can be found on a label on the ONU's bottom cover.

00:07:ba:34:af:36
5 Return to the Configuration Terminal command mode by entering the exit

command twice.
6 Bind ONU2's MAC address with lport6 of OLT1/1.


00:07:ba:35:a2:e0
7 Return to the Configuration Terminal mode by entering the exit command twice.
Activate the OLT port and the lport binding

1 Enter the following command to enter port OLT1/1's configuration command
mode.
to activate the OLT port..
Upon the OLT port activation, the connected ONU will be registered
automatically and the lport is bound to the ONU's MAC address.

1 Check ONU's registration status on OLT1/1.
1/1 onu-registered
-------------------------------------------------------------
authorized
ONU mac address = 00:07:ba:34:af:36
User ID =
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
Firmware version = 02.01.19.00
Bootloader version = 02.01.10.00
-------------------------------------------------------------
authorized
ONU mac address = 00:07:ba:35:a2:e0
User ID =
RTT TQ = 4
Laser_on_time = 4
Laser_off_time = 4


Deleting the Example Restore PON system parameters

Configuration
1 Disable lport binding.
disable
2 Reset the VLAN ID BASE to the default value (101).

telnet@BBS1000+(config-t)# pon-sys vlan-id-base 101
Warning: save and reboot system to take effect for vlan id

base modification. Verfiy the PON system configuration.
3 Display the PON system configuration.


local logical port strict binding = disabled
4 Enter the Configuration Management command mode.


success
6 Reboot the system.

Delete Lport and MAC binding

1 Display the binding table.
telnet@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt 1/1 mac-address-table
Record OLT LPort ONU id LLID VID Mac_Address Type

---------------------------------------------------------------------
1 1/1 1 1 3 0 00:07:ba:34:af:36 Dynamic
2 1/1 6 6 4 0 00:07:ba:35:a2:e0 Dynamic
2 Delete the binding table entries.


0:0:0:0:0:0

0:0:0:0:0:0
OLT Management
OLT Port Introduction Administrative Status

A port's Administrative Status by default is Enabled. It can be changed by the
shutdown/no shutdown command.
The shutdown command deactivates the port and sets the port's Administrative
Status to Disabled. The no shutdown command activates the port and sets the
port's Administrative Status to Enabled.
Physical State of OLT Module

The default Physical State of OLT modules is not present. When an OTL
module is installed into BBS 1000+, the physical state of all ports in that module
is present.
Transceiver Type
There are five type of transceivers:FIBERXON, INFINEON, SFP, ZENO, ZONU.
Currently only FIBERXON is supported.
Use CLI command "show interface epon-olt brief" to check the transceiver type.
telnet@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt brief
OLT state admin phy mac Num of transceiver

Hardware Firmware
id state state addr onu type version
version
---------------------------------------------------------------------------------
1/1 Running Enabled present 00:e0:8e:88:00:01 0 SFP -FIBERXON INC.
0x50010003 0x20009
1/2 Disabled Disabled present 00:e0:8e:88:00:02 0 N/A
0x50010003 N/A
0x50010003 N/A
0x50010003 N/A
2/1 Disabled Disabled not present 00:e0:8e:88:00:05 0 N/A N/A
N/A
N/A

OLT Management 189

N/A
N/A
Reseting OLT Under certain situations, abnormal behavior may occur on the OLT ports as
listed below:
1 Packet loss at OLT ports
2 The ONU MAC addresses in the PON system's MAC Address Table are not
consistent with the actual ONU MAC addresses.
When these conditions occur, the user needs to reset the OLT port. The GEPON
system currently provides two methods for resetting the OLT port:
Automatically using the Monitoring Method
Manual Reset Method
Monitoring Method
At the DEBUG configuration level, two CLI commands provide automatic
abnormality monitoring: olt-pause-frames-monitoring and
olt-mismatch-monitoring. When this type of abnormality occurs, the system
will reset the corresponding OLT port.
By default olt-pause-frames-monitoring is Enabled. When the number of
PON port pause-frames received, reaches a threshold during a certain
period, the system will reset this PON port.
By default olt-mismatch-monitoring is Enabled. When the PON system's
MAC address table is not consistent with the actual ONU MAC addresses,
the system will reset the port.
Example:
Disable the both of these monitoring methods from the DEBUG command
mode.
1 Enter Debug command mode.
BBS1000+# debug
telnet@BBS1000+(debug)#
2 Disable OLT MAC address mismatch monitoring.

telnet@BBS1000+(debug)# olt-mismatch-monitoring disable
3 Disable OLT pause frame monitoring.

telnet@BBS1000+(debug)# olt-pause-frames-monitoring disable
Reset OLT Manually

Two CLI commands can be used to manually reset an individual OLT port or the
LTM module.

The CLI command ltm-reset can be used to reset the LTM module as shown in
the example below.
Example 1: Reset the whole LTM module.
1 Check the BBS 1000+'s 8051 chip status to verify that the LTM module is
installed properly in the BBS 1000+ system.
telnet@BBS1000+(config-t)# show 8051
8051 Chip in GSM: Work normally

8051 Chip in Slot 1: Work normally
8051 Chip in Slot 2: No Present
2 Reset the LTM module.

telnet@BBS1000+(config-t)# ltm-reset 1
Error: OLT 1/1 is still running.
Example 2: Reset one OLT port.
1 Check the BBS 1000+'s 8051chip status to verify that the LTM module is
installed properly in the BBS 1000+ system.
telnet@BBS1000+(config-t)# show 8051
8051 Chip in GSM: Work normally

8051 Chip in Slot 1: Work normally
8051 Chip in Slot 2: No Present

3 Rest port OLT1/1 via chip 8051.

telnet@BBS1000+(config-t-if-olt-1/1)# reset
Error: OLT 1/1 is still running.
OAM rate limit After enabling OAM rate limit, those OAM communication rate will be limited by
BBS 1000+ system. By default, the oam rate limit is disabled.
Example: Eable the OLT1/2 rate limit.
1 Enter the OLT1/2 port configuration command mode.

2 Enalbe the oam rate limit on OLT1/2 port.

OLT Management 191
telnet@BBS1000+(config-t-if-olt-1/2)# oam-limit enable
3 Check the configuration.

1/2 running-config

no shutdown
oam-limit enable
vlan-mode stack-tag
dba algorithm plato
OLT Configuration
Commands
Table 24 OLT Configuration Commands

Enter Configure OLT(i.e. 1/2) command mode
Enable/disable OLT port. [no] shutdown
Configure the transceiver type of OLT transceiver-type <typename>
Enable oam rate limit on OLT port oam-limit <enable|disable>
Display current OLT and all ONU state. show interface epon-olt [module/port] brief
Display OLT running configuration show interface epon-olt [module/port] running-config
Show all registed ONU show interface epon-olt [module/port] onu-registered
OLT Configuration Enter OLT Configuration command

Example List BBS1000+(config-t)# interface epon-olt 2/1
Configure OLT Transceiver Type

BBS1000+(config-if-olt-2/1)# transceiver-type fiberxon
BBS1000+(config-if-olt-2/1)#
Disable OLT
BBS1000+(config)# interface epon-olt 2/1
BBS1000+(config-if-olt-2/1)# shutdown
BBS1000+(config-if-olt-2/1)#
Show Registered ONU

BBS1000+(config-t-if-olt-1/1)# show interface epon-olt onu-registered
----------------------------------------------------------------------


Registered state = Registered, authentication state = authorized
ONU mac address = 00:07:ba:34:bd:ca
User ID =
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
----------------------------------------------------------------------
User ID =
RTT TQ = 4
Laser_on_time = 4
Laser_off_time = 4
Show Running-config of All OLT Ports

@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt
running-config

no shutdown
transceiver-type ltm1-fiberxon1
dba algorithm plato
dba algorithm plato cycle-size 14
dba algorithm plato discovery-freq 50
shutdown
transceiver-type ltm1-fiberxon1
dba algorithm plato
dba algorithm plato cycle-size 14
dba algorithm plato discovery-freq 50
Show OLT port statistics of Packets

statistics
-------------------------------------------------------
OLT = 1/1
Report Frames:
Tx OK .......................... = 48441045
Rx OK .......................... = 48392890
Gate Frames:
Tx OK .......................... = 48524517
Rx OK .......................... = 49121469
Sys Frames:
Tx OK .......................... = 6217278
Rx OK .......................... = 62092
Rx Err ......................... = 0

OLT&ONU DBA Configuration 193
Sys Octets:
Tx OK .......................... = 472514116
Rx OK .......................... = 4470644
Rx PHY Err ......................... = 0
PON Octets:
Tx OK .......................... = 3496184656
Rx OK .......................... = 3938486824
PON Frames:
Total Tx Dropped ............... = 0
Total Rx Dropped ............... = 68
Rx FCS Error ................... = 0
Rx Multicast ................... = 54659342
Tx Multicast ................... = 48477372
Rx Broadcast ................... = 0
Tx Broadcast ................... = 0
-------------------------------------------------------
OLT = 1/2
Report Frames:
Tx OK .......................... = 0
Rx OK .......................... = 0
Gate Frames:
Tx OK .......................... = 0
Rx OK .......................... = 0
Sys Frames:
Tx OK .......................... = 0
Rx OK .......................... = 0
Rx Err ......................... = 0
Sys Octets:
Tx OK .......................... = 0
Rx OK .......................... = 0
Rx PHY Err ......................... = 0
PON Octets:
Tx OK .......................... = 0
Rx OK .......................... = 0
PON Frames:
Total Tx Dropped ............... = 0
Total Rx Dropped ............... = 0
Rx FCS Error ................... = 0
Rx Multicast ................... = 0
Tx Multicast ................... = 0
Rx Broadcast ................... = 0
Tx Broadcast ................... = 0
-------------------------------------------------------
OLT&ONU DBA
Configuration
MPCP Introduction BBS 1000 uses the Multi-Point Control Protocol (MPCP), as defined in IEEE
802.3ah, to perform ONU Auto-Discovery, Registration, Bandwidth Allocation,
Round Trip Time (RTT) calculation, and OAM functions. MPCP messages are
passed back and forth between the OLT and ONUs to implement these
operations. The main MPCP messages are described below.
GATE message: The OLT sends Gate messages to the ONUs to assign
transmission time slots for both ONU discovery and normal data transmission.
The ONUs then use these assigned time slots for transmitting data packets.

REPORT message: The ONUs sends Report messages to inform the OLT of
ONU status, such as bandwidth requirements and traffic congestion conditions.
The Report messages help the OLT make intelligent bandwidth allocation
decisions.
REGISTER_REQONUs send Register Request messages upstream to the

OLT during the automatic discovery period to request registration on the
BBS1000 system.
REGISTERAfter receiving a RESISTER_REQ message from an ONU, the

OLT responds with a REGISTER message to confirm that the request was
received.
REGISTER_ACKAfter receiving the REGISTER message from the OLT, the

ONU sends the OLT a Register Acknowledge message, indicating that the
registration process is finished.
ONU automatic discovery, registration and data communication processes

between the OLT and ONUs are described below.
ONU Automatic Discovery

The ONU automatic discovery process is depicted in the following figure:

Figure 48 Discovery Handshak Message Exchange
Normal Data Transmission Process

The normal data transmission between ONU and OLT is shown in Figure 49.
Figure 49 GATE/REPORT Process

1 Once the ONU discovery process is completed, the OLT assigns the ONU a
specific transmission timeslot via a GATE message.
2 Before the ONU's timeslot arrives, the ONU buffers data waiting to be
transmitted
3 During the ONU's timeslot, the ONU transmits a REPORT message and Data
to be forwarded
4 After receiving REPORT messages and Data from all the ONUs in the queue,
the process starts over with the OLT sending out a GATE message
MPCP Timeout There are two MPCP Timeout parameters, one for the OLT and the other for the
ONU. Both Timeout parameters are described below:
OLT MPCP Timeout

OLT MPCP timeout is the time that the OLT waits for the ONU to respond after
sending it a MPCP message,
For example, during the ONU automatic discovery and registration process, the
OLT waits for a specified timeout period after sending a GATE message for the
ONU to respond with a REGISTER_REQ message.
The OLT MPCP Timeout range is 200-5000ms. The default value is 1000ms.
The CLI command for displaying the MPCP Timeout value is shown below.
telnet@BBS1000(config-t)# show interface epon-olt

mpcp-timeout
OLT Id mpcp timeout(ms)

-------+----------------
1 1000
2 1000
3 1000
4 1000
5 1000
6 1000
7 1000
8 1000
ONU MPCP Timeout

ONU MPCP timeout is the time that the ONU waits for the OLT to respond after
sending out a MPCP message.
For example, during the ONU automatic discovery and registration process, the
ONU waits for a specified timeout period after sending a REGISTER_REQ
message for the OLT to respond with a REGISTER message.

The ONU MPCP Timeout range is 200-5000ms. The default value is 4000ms.
The CLI MPCP Timeout configuration commands are listed below.
MPCP Timeout Configuration Commands

Table 25
OLT MPCP timeout: Issued from the OLT Configure mpcp-timeout<200-5000>
Terminal command mode.
(Default: 1000)
ONU MPCP timeout: Issued from the ONU Configure mpcp-timeout<200-5000>
Terminal command mode.
(Default:4000)
Restore the default MPCP timeout value no mpcp-timeout
Display MPCP timeout values for all OLT ports show interface epon-olt
mpcp-timeout
Display MPCP timeout value(s) for ONU(s), among show interface
other ONU information. epon-olt[module/port]onu summary
Note: The default MPCP Timeout value is recommended.
Dynamic Bandwidth Dynamic Bandwidth Allocation (DBA) is essential for an efficient GEPON
Allocation Introduction network. This is the only mechanism that allows for performance of
over-subscription on the PON, and is a key requirement for provisioning in
business and residential deployments.
Upstream and downstream traffic on the BBS 1000+ system is handled

differently as described below:
Upstream Traffic
Upstream rate control for traffic from the ONU to the OLT is set by Dynamic
Bandwidth Allocation (DBA).
Downstream Traffic
The traffic from OLT to ONU, downstream rate control is set by the onu's
policy. For policy configuration refer to Section ONU Policy
ConfigurationPolicy Configuration on Page page 193.
The EPON MPCP (802.3ah) protocol defines that downstream traffic is
broadcast and upstream traffic uses Time Division Multiplexing (TDM). In the
downstream direction each ONU sees all the frames transmitted from the OLT.
In upstream direction, each ONU is allocated a time slot to transmit in and only
the OLT sees the frames transmitted by the ONU.
DBA algorithm is cycle based. A grant cycle is a period of pre-calculated

bandwidth allocation. At each cycle DBA algorithm based on the collected
ONUs's requests from the previous cycle and SLA to allocate bandwidth to
ONUs for the next cycle. SLA defines the minimum bandwidth, maximum
bandwidth and maximum burst size for each ONU.

To discover new ONU, OLT sends discovery gate periodically to the ONUs.
Within this window ONU can send register request to OLT and wait to get grant.
The frequency of how often the discovery gate should be sent can be configured
for each OLT port at the start of DBA algorithm. User can also configure the size
of the discovery gate and the grant cycle.
After modifying discovery size, discovery frequency, and grant cycle; user
should shutdown the OLT port and no shutdown the OLT port in order to take
these changes effect.
Configuring OLT DBA When allocating upstream dynamic bandwidth, BBS 1000+ supports two DBA
algorithms: Internal and Plato. The main differences between these two
algorithms are listed below:
1 The minimum bandwidth precision for Plato is 64kbit, which is less than
algorithm Internal's 1Mbit minimum bandwidth precision. Here precision means
the minimum bandwidth unit that can be assigned to end customers.
2 When Plato algorithm is used by one port of OLT, if no data is transmitted from
one connected ONU, this ONU's assigned committed bandwidth will be
reassigned to other ONUs. For algorithm Internal, it will always reserve the
committed bandwidtch to each ONU.
For configurable Internal algorithms parameters, please refer to the following

table. There is no parameters configurable for Plato algorithms.
Table 26 OLT DBA Configuration Parameters
Field Description Value used in Internal

Discovery Size(TQ) During discovery and registration process, the window size that OLT 0-65535TQ (16 nanosecond)
provides ONU for registration request's response.
Default Value: 1792
Note: This parameter is only used in the Internal algorithm.
Discovery Frequency The maximal number of consecutive grant cycles that do not contain a 0-65535
discovery gate. After completion of these grant cycles, there will be a grant
cycle containing a discovery gate. Default Value: 500
NoteA higher value will result in better Bandwidth utilization but will also
increase the time from power up that will take for an ONU to be registered.
Cycle Size During data transmission process, the cycle's size used to transmit data by 16384..131072TQ
all ONUs connected to that OLT.
Default Value: 65536
OLT DBA Configuration

Commands
Table 27 OLT DBA Configuration Commands

Table 27 OLT DBA Configuration Commands
Enter Configure OLT(i.e. 1/2) command mode

Configure parameter discovery size used in Internal DBA [no] dba algorithm internal discovery-size <dis-size>
algorithm
Configure parameter discovery frequency used in Internal DBA [no] dba algorithm internal discovery-freq <freq>
algorithm
Configure parameter cycle size used in Internal DBA algorithm [no] dba algorithm internal cycle-size <cycle-size>
Display OLT DBA information show interface epon-olt [module/port] dba
Changing DBA
algorithm From Plato to
Internal on OLT1/1
1 Display the DBA Algorithm applied on OLT1/1.

telnet@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt dba
olt algorithm discovery size discovery freq cycle size

----------------------------------------------------------------------
1/1 plato N/A N/A N/A
2 Configure OLT1/1's DBA algorithm as Internal.

telnet@BBS1000+(config-t-if-olt-1/1)# dba algorithm internal
Please shutdown then no shutdown this port to make new

algorithm take effect
3 Restart OLT1/1 PON port to enable the new DBA algorithm.

telnet@BBS1000+(config-t-if-olt-1/1)# shutdown
4 Display DBA algorithm configuration on OLT1/1.

BBS1000+(config-t)# show interface epon-olt 1/1 dba

-------------------------------------------------------------
1/1 internal 1792 500 65536
Configuring ONU ONU SLA is to configure ONU's service level agreements for dynamic
DBA-SLA bandwidth algorithm.
The configurable parameters of ONU DBA-SLA include:

The committed-bandwidth in DBA algorithms.

committed-bandwidth is the uplink bandwidth that BBS 1000+ reserves for

ONU.When algorithm Internal is used, no matter whether the actual ONU
uplink rate reaches the committed bandwidth or not, BBS 1000+ always
keeps that bandwidth for the ONU. When algorithm Platois used, BBS 1000+
will reassign the unused commited-bandwidth to other ONUs.
There are two units for committed-bandwidth: Kbps and Mbps.
The value ranges are 1..1000Mbps and 1..1000000kbps.
By default, system's OLT port uses algorithm Plato. And the default
committed-bandwidth value is 10000 Kbps.
The max-bandwidth in DBA algorithms.
Max-bandwidth is the maximum uplink bandwidth that ONU can reach. When
the ONU uplink rate exceeds that max-bandwidth, it will discard the
exceeded packets according to the following rules:
Discard the low priority packets first to ensure high priority packets pass
through.
For packets with the same priority, discard the latest arrived packets
according to FIFO (first in first out).
There are two units for max-bandwidth: Kbps and Mbps.

The value range are 1..1000Mbps and 1..1000000kbps.
By default, system's OLT port uses algorithm Plato. And the default
committed-bandwidth value is 100000 Kbps.
When OLT DBA's algorithm is Internal, committed-bandwidth and
max-bandwidth only support unit Mbps.
class
Class parameters are only used in algorithm Plato.
Class is divided into 8 levels. Numbers 0-7 are used to label them from lower
to higher priority.
The ONU with the highest priority will first get the maximum bandwidth.
Lport binding
Please refer to Configuring ONU's Local Authentication ONU's Local
Authentication on page 181
MAC-limit
Please refer to PON System MAC Address Table on page 236.
BBS1000+(config-if-onu-2/4/1)# show in epon-olt 2/4 onu 1 dba-sla
OLT LPort VID committed maximum maximum calling

bandwidth bandwidth burst-size station-id
(mbps) (mbps) (Kbytes)
--------------------------------------------------------------------
2/4 1 325 10 100 100 00:00:00:00:00:00

ONU DBA-SLA
Configuration
Commands
Table 28 ONU DBA_SLA Configuring Commangs

Enter Configure ONU(i.e. 1/2/3) command mode
BBS1000+(config-t-if-olt-1/2/3)#
Configure parameter committed bandwidth of ONU's dba-sla committed-bandwidth <bandwidth>
SLA for DBA
Configure parameter max bandwidth of ONU's SLA for dba-sla max-bandwidth < max-bandwidth>
DBA
Configure parameter class of ONU's SLA for DBA dba-sla class<0-7>
Reset ONU's SLA configuration for DBA no dba-sla { committed-bandwidth| max-bandwidth| max-burst-size}
Display ONU's SLA configuration for DBA show interface epon-olt [module/port] onu [logical-port] dba-sla
Example of OLT&ONU Application Description

DBA Configuration One Internet Cafe and one phone bar are connected to the Internet via GEPON
system. BBS 1000+ allocates appropriate upstream bandwidth for the Internet
Cafe and Phone Bar.

Example Topology
Figure 50 OLT&ONU DBA Configuration
As shown in Figure 50, Through ONU1 and ONU2 respectively, Internet Cafe
and Phone Bar connect BBS 1000+ downlink port OLT2/4. According to actual
requirement, configure the DBA parameters shown in Table 29:
Table 29 DBA Parameters Configuration
ONU Max bandwidth committed-bandwidth Class

ONU1 50M 10M 0
ONU2 1.5M 1M 7
Configuration Tasks The general tasks involved in configuring OLT&ONU DBA are given below.
After this task overview, detailed steps are described for each task, using the
1 Configure OLT DBA
2 Configure ONU2 DBA-SLA
Configure OLT DBA

Here we use OLT's default DBA parameters.
Users are not suggested to modifyBBS 1000+ OLT DBA parameters.
1 Display the DBA Algorithm applied on OLT1/1.

telnet@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt dba


----------------------------------------------------------------------
1/1 plato N/A N/A N/A
Configure ONU1 DBA-SLA

1 Enter ONU1 Configuration command mode.
2 Display ONU1's DBA-SLA configuration.

telnet@BBS1000+(config-if-onu-1/1/1)# show interface epon-olt 1/1 onu 1/1 dba-sla
OLT LPort VID committed maximum mac-limit plato calling

bandwidth bandwidth class station-id
(Kbps) (Kbps)
---------------------------------------------------------------------------------
1/1 1 101 10000 100000 30 0 00:07:ba:35:a2:ec
3 Configure ONU1's committed bandwidth as 10Mbps.

telnet@BBS1000+(config-if-onu-1/1/1)# dba-sla
committed-bandwidth 10
4 Configure ONU1's maximum bandwidth as 50Mbps.

maximum-bandwidth 50

telnet@BBS1000+(config-if-onu-1/1/1)# show interface epon-olt 1/1 onu dba-sla

(Kbps) (Kbps)
---------------------------------------------------------------------------------
1/1 1 101 10 50000 30 0 00:07:ba:35:a2:ec
Configure ONU2 DBA-SLA

1 Enter ONU2 Configuration command mode.

telnet@BBS1000+(config-if-onu-1/1/2)# show interface epon-olt 1/1 onu 2 dba-sla

(Kbps) (Kbps)
-------------------------------------------------------------------------------
1/1 2 102 10000 100000 30 0 00:07:ba:38:9c:b0

3 Configure ONU2's committed bandwidth as 1Mbps.

committed-bandwidth 1
4 Configure ONU1's maximum bandwidth as 1.5Mbps.

maximum-bandwidth 1000 k
5 Configure ONU2's class as 7.

telnet@BBS1000+(config-if-onu-1/1/2)# dba-sla class 7
Please shutdown then no shutdown this ONU to make new class

effective
telnet@BBS1000+(config-if-onu-1/1/2)# shutdown
telnet@BBS1000+(config-if-onu-1/1/2)# no shutdown


(Kbps) (Kbps)
-----------------------------------------------------------------------------------
1/1 2 102 1000 1512 30 7 00:07:ba:38:9c:b0
Result Analyze
Through the above configuration, when there is upstream data transmission for
the Caf bar and Phone bar, the data will follow the rules:
The maximum upstream bandwidth for the Internet Caf bar connected to
ONU1 is 50M and the guaranteed upstream bandwidth is 10M. The data
from Internet Caf bar has a relatively low priority. The priority is 0.
The maximum upstream bandwidth for the Phone bar connected to ONU2 is
1.5M and the guaranteed upstream bandwidth is 1M. The data from Phone
bar has the highest priority. The priority is 7.
When data traffic happens at BBS 1000+'s port OLT1/1, the data from Phone
Bar will pass through first.
Deleting All the Restore ONU1's DBA-SLA Configruation

Configurations
1 Restore ONU1's committed bandwidth.
telnet@BBS1000+(config-if-onu-1/1/1)# no dba-sla
committed-bandwidth
2 Restore ONU1's maximum bandwidth.

maximum-bandwidth

ONU Policy Configuration 205


(Kbps) (Kbps)
-----------------------------------------------------------------------------------
1/1 1 101 10000 100000 30 0 00:07:ba:35:a2:ec
Restore ONU2's DBA-SLA Configruation

1 Restore ONU2's maximum bandwidth.
maximum-bandwidth
2 Restore ONU2's committed bandwidth.

committed-bandwidth
3 Restore ONU2's class.

telnet@BBS1000+(config-if-onu-1/1/2)# no dba-sla class
Please shutdown then no shutdown this ONU to make new class

effective
telnet@BBS1000+(config-if-onu-1/1/2)# shutdown
telnet@BBS1000+(config-if-onu-1/1/2)# no shutdown

(Kbps) (Kbps)
----------------------------------------------------------------------------
1/1 2 102 10000 100000 30 0 00:07:ba:38:9c:b0
ONU Policy
Configuration
ONU Policy Introduction To realize the dynamic bandwidth assignment (DBA) between ONUs, the same
PON port of BBS 1000+ system supports two policies:
Downstream Policy
Downstream policy is to control the downstream's bandwidth assignment
from BBS 1000+ OLT port to ONUs.

p2p-Stream Policy
p2p-Stream policy is to control the bandwidth assignment between
ONUs.When ONU is in p2p-access mode, this ONU can communicate with
other ONUs.
p2p-streamDBA is closely related to ONU's DBA-SLA configuration. For detailed
information please refer to Result Analyze of Configuration Tasksation Tasks on
page 215
ONU Downstream User can configure ONU's downstream bandwidth. Downstream bandwidth
Configuring includes the following parameters:
The priority of downstream forwarding
They are high-priority-frames and short-frames. The defaults for both of them
are Enable.
Maximum-bandwidth
The maximum bandwidth is allowed for downstream.
Maximum-bandwidthhas two units to choose: Kbps and Mbps.
The configurable range is 0..1000Mbps and 0..1000000kbps.
The default for 10000000Kbps.
Max-burst-size
When traffic jam happens, the system will control the flow through Toke. The
bucket's buffer size is max-burst-size. That is , when there is traffic jam,
system will guarantee that max-burst-size data will not get lost.
The value range for max-burst-size is 0-8192Kbytes. The default
max-burst-size is 256Kbytes.
To activate the downstream bandwidth parameters' configurations, ONU
downstream bandwidth policing must be enabled. The default value for
this policy is disable.
Use CLI command downstream bandwidth policing to activate ONU's
downstream bandwidth configuration.
User can use similar command as the following to check ONU's downstrem
bandwidth parameters' configuration.
telnet@BBS1000+(config-if-onu-1/1/1)# show interface epon-olt 1/1 onu
downstream-bandwidth
OLT LPortmaximum maximum policing-enable high-priority-frames short-frames

bandwidth burst-size 0-DISABLE 0-DISABLE 0-DISABLE
(Kbps) (Kbytes) 1-ENABLE 1-ENABLE 1-ENABLE
------------------------------------------------------------------------------------
--
1/1 1 1000000 256 0 1 1
1/1 2 1000000 256 0 1 1

ONU p2p Configuring P2P Access Introduction

ONU's p2p-access work mode is, by default, disabled. Use CLI command
p2p-access policing [onulist] to activate ONU's p2p mode. If without
parameter onulist, under p2p-access mode ONU can communicate with all
ONUs under the same OLT port. If defining the parameter onulist, under
p2p-access mode ONU can communicate with those ONUs specificed by onulist
under the same OLT.
For example, one company's Human Resource and Product Manufacturing

departments all need to access IT department, while Human Resource and
Product Manufacturing should not access to each other. In this case, onu can
activate p2p-access mode in ONU1 shown in the following figure.
Figure 51 p2p Access Mode Topology Example
For the ONU under p2p-access mode, user can control the data communication
between them with p2p-stream policy.
P2P-stream Policy
By default, ONU's p2p mode is disabled. Through CLI command p2p-access
policing [onulist] to activate ONU's p2p mode.
Under p2p-access mode, user can configure the following ONU p2p-stream
bandwidth parametres:
Maximum-bandwidth
The maximum bandwidth can be allowed between two
ONUs.Maximum-bandwidth has two units to choose: Kbps and Mbps. For
different OLT types, there are two different value range to configure
maximum-bandwidth parameter.
For M4 OLT, the configurable range is 0..500Mbps and 0..500000kbps.
The default is 100000Kbps.
For M3 OLT, the configurable range is 0..1000Mbps and 0..1000000Kbps.
The default is 1000Kbps.
Using CLI command show inter epon-olt brief to distingush the OLT type.
Max-burst-size
When traffic jam happens, the system will control the flow through Toke. The
bucket's buffer size is max-burst-size. That is, when there is traffic jam,
system will guarantee that max-burst-size data will not get lost.
The value range for max-burst-size is 0-8192Kbytes. The default
max-burst-size is 256Kbytes.
To activate the p2p-stream bandwidth parameters' configurations, ONU
p2p-stream bandwidth policing must be enabled. The default value for this
policy is disable.
Use CLI command p2p-stream bandwidth policing to activate ONU's
p2p-stream bandwidth configuration.
User can use similar command as the following to check ONU's p2p bandwit
parameters' configuration.
telnet@BBS1000+(config-if-onu-1/1/1)# show interface epon-olt 1/1 onu p2p-bandwidth

------------------------------------------------------------------------------------
--
1/1 1 1000 256 0 1 1
1/1 2 1000 256 0 1 1

P2P-stream & Upstream Forwarding Procedure

As shown in Figure 52, we will use "ONU1 sending up-stream data to GE3/2,
ONU1 sending P2P-stream data to ONU2 and ONU3" as an example to
describe ONU1's upstream and P2P-stream data transmission policies.
Figure 52 P2P-stream & Upstream Forwarding
Upstream and P2P-stream data transmission on ONU1:

1 When the Upstream and P2P-stream data volume from ONU1 is no larger than
that defined DBA-SLA Max. Bandwidth on ONU1, Upstream data will be
transmitted normally.
2 When the Upstream and P2P-stream data volume from ONU1 is larger than that
defined DBA-SLA Max. Bandwidth, Upstream and P2P-stream's data
transmission will following the rules:
The actural transmitted Upstream data volumn is:
DBA-SLA Max. Bandwidth {Upstream/(Upstream+P2P-stream)}
The actural transmitted P2P-stream total data volumn is:
DBA-SLA Max. Bandwidth { P2P-stream /(Upstream+P2P-stream)}
The P2P-streamdata transmission between ONUs:
1 When the actural transmitted P2P-stream data volume is no larger than that
defined P2P-Stream Max. Bandwidth on ONU1, P2P-stream data will be
transmitted normally.
Here the total volumn of P2P-stream can be the above calculated
P2P-stream data volumn, or the total P2P-stream data volumn from ONU1 to
either ONU2 or ONU3.

The actural transmitted P2P-stream data volumn on ONU2 is:

The actural transmitted P2P-stream total data volumn
P2P-stream_To2/(P2P-stream_To2 + P2P-stream_To3)
The actural transmitted P2P-stream data volumn on ONU3 is:
The actural transmitted P2P-stream total data volumn
P2P-stream_To3/(P2P-stream_To2 + P2P-stream_To3)
2 When the actural transmitted P2P-stream total data volumn is larger than that
defined P2P-Stream Max. Bandwidth on ONU1, the P2P-stream data will be
transmitted to ONU2 and ONU3 according the folloing rules:
The actural ONU2 transmitted P2P-streamdata volumn is:
P2P-stream Max. Bandwidth P2P-stream_To2/(P2P-stream_To2 +
P2P-stream_To3)
The actural ONU3 transmitted P2P-stream data volumn is:
P2P-stream Max. Bandwidth P2P-stream_To3/(P2P-stream_To2 +
P2P-stream_To3)
ONU Policy
Configuration
Commands
Table 30 ONU Policy Configuring Commands

[no] downstream bandwidth policing
Enable|disable the downstream bandwidth policy
Configure prefer parameter of the downstream SLA [no] downstream prefer< high-priority-frames| short-frames>
Configure maximum bandwidth of the downstream SLA. downstream maximum-bandwidth <bandwidth> <mbps|kbps>
no downstream maximum-bandwidth
Configure max burst size of the downstream SLA.,unit is downstream max-burst-size <burst size>
Kbytes
no downstream max-burst-size
Enable|disable P2P access policy [no] p2p-access policing [onulist]
Enable|disable P2P-stream bandwidth policy [no]p2p-stream bandwidth policing
Configure maximum bandwidth of the p2pstream SLA. p2p-stream maximum-bandwidth <bandwidth> <mbps|kbps>
no p2p-stream maximum-bandwidth
Configure max burst size of the p2pstream SLA, unit is p2p-stream max-burst-size <burst size>
Kbytes.
no p2p-stream max-burst-size

Table 30 ONU Policy Configuring Commands (continued)

show inter epon-olt [module/port] onu [logical-port] summary
show interface epon-olt [module/port] onu [logical-port]
Display ONU downstream bandwidth policy downstream-bandwidth
Display ONU P2P bandwidth policy show interface epon-olt [module/port] onu [logical-port]
p2p-bandwidth
Example of ONU Application Description

Downstream Policy One Internet Caf and one Phone Bar are connected to the Internet
Configuration throughGEPON BBS 1000+ system. The appropriate downstream bandwidth
assignment policies are done at BBS 1000+ OLT.
Example Topology
Figure 53 ONU Downstream Policy Configuration
The Internet Cafe is connected to BBS 1000+ downlink port OLT1/1 via ONU1
and the Phone barisconnected to BBS 1000+ downlink port OLT1/1 via ONU2.
According to specific requirement, the Downstream Bandwidthparameters
shown in Table 31 can be configured:
Table 31 Downstream Bandwidth Paramenters
ONU Max bandwidth burst-size Perfer

ONU1 100M 256KbytesDefault EnableDefault
ONU2 1.5M 256KbytesDefault EnableDefault

Configuration Tasks The general tasks involved in configuring ONU downstream bandwidth policy
are given below. After this task overview, detailed steps are described for each
task, using the topology example in Figure 53.
1 Configure ONU1's downstream bandwidth
2 Configure ONU2's downstream bandwidth
Configure ONU1's downstream bandwidth

1 Logon to the BBS 1000+ system.
Username:admin
Password:******
2 Enter ONU1's Configure command mode.

3 Display ONU1's default downstream bandwidth parameters.

telnet@BBS1000+(config-if-onu-1/1/1)# show interface epon-olt 1/1 onu 1
OLT LPort maximum maximum policing-enable high-priority-frames short-frames

------------------------------------------------------------------------------------
1/1 1 1000000 256 0 1 1
4 Enable ONU1's downstream policy.

telnet@BBS1000+(config-if-onu-1/1/1)# downstream bandwidth
policing
5 Configure ONU1's downstream maximum bandwidth.

telnet@BBS1000+(config-if-onu-1/1/1)# downstream
6 Display ONU1's downstream policy configuration.

OLT LPort
maximum maximum policing-enable high-priority-frames short-frames
------------------------------------------------------------------------------------
1/1 1 100000 256 1 1 1

Configure ONU2's downstream bandwidth

1 Enter ONU2's configure command mode.
2 Enable ONU2's downstream policy.

telnet@BBS1000+(config-if-onu-1/1/2)# downstream bandwidth
policing
3 Configure ONU2's downstream maximum bandwidth.

When Kbps unit is used, it should be step by 64. Valid values will be 1000 *
Mbps + 64 * <0..15> Kbps. Here 1.5Mbps equals to 1512Kbps.
telnet@BBS1000+(config-if-onu-1/1/2)# downstream
maximum-bandwidth 1512 kbps
4 Display ONU2's downstream policy configuration.

OLT LPort
------------------------------------------------------------------------------------
1/1 2 1512 256 0 1 1
Result Analyze
Through the above configuration, when there is downstream data to the Internet
Caf and the Phone Bar, the following bandwidth assignment policies will
apply:igured. c requirement, the nd the Phone bar
The maximum downstream bandwidth for the Internet Caf is 100M.
The maximum downstream bandwidth for the Phone Bar is 1.5M.
When downstream data traffic jam happens, the data with higher priority and
shorter frame will pass through first.
Deleting All the Here only take ONU2 as an example.

Configurations
Restore ONU2's downstream bandwidth configuration
1 Restore ONU2's downstream maximum bandwidth.
telnet@BBS1000+(config-if-onu-1/1/2)# no downstream
maximum-bandwidth
2 Disable ONU2's downstream bandwidth policy.

telnet@BBS1000+(config-if-onu-1/1/2)# no downstream bandwidth
policing
3 Display ONU2's downstream bandwidth configuration.

OLT LPort
------------------------------------------------------------------------------------
1/1 2 1000000 256 0 1 1
Example of ONU p2p Application Description

Policy Configuration The following example is only to demonstrate p2p-stream policy's working
mechanism. From ONU side send data to the GEPON system. And one can
observe the Uplink port and other ONUs' sites data flow receving condition and
therefore analyze whether p2p-stream works.
Example Topology
Figure 54 P2P Stream Policy Configuration
For ONU'sp2p stream Policy parameters, please refer to Table 32.

Table 32 ONU p2p stream Policy Parameters
ONU work mode Max bandwidth Burst size Prefer

ONU1 ONU Access 8M 256Kbytes(default) Enable(default)
ONU2 3M 256Kbytes(default) Enable(default)
ONU3 2M 256Kbytes(default) Enable(default)

Table 33 ONU1's DBA-SLA Parameters
ONU Max bandwidth committed-bandwidth Class

ONU1 20M 10M 0
Configuration Tasks The general tasks involved in configuring ONU p2pstream bandwidth policy are
1 Configure ONU1's work mode as p2p-access
2 Configure ONU2's p2p-stream bandwidth
3 Configure ONU3's p2p-stream bandwidth
4 Display ONU1's DBA-SLA Configuration
5 Configure ONU1's DBA-SLA
Configure ONU1's work mode as p2p-access

1 Logon to the BBS 1000+ system.
Username:admin
Password:******
2 Enter ONU1's Configure command mode.

3 Active ONU1's p2p-access work mode.

telnet@BBS1000+(config-if-onu-1/1/1)# p2p-access policing 2-3
4 Verfiy the configuration.

telnet@BBS1000+(config-if-onu-1/1/1)# show interface epon-olt
1/1 onu 1 summary
-------------------------------------------------------------
authorized
ONU vlan id = 101
User ID = onu_2

RTT TQ = 0
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
P2p-access policing = enable
Configure ONU1's p2p-stream bandwidth

1 Enable ONU1's p2p-stream policy.
telnet@BBS1000+(config-if-onu-1/1/1)# p2p-stream bandwidth
policing
2 Configure ONU2's p2p-stream maximum bandwidth.

telnet@BBS1000+(config-if-onu-1/1/1)# p2p-stream
maximum-bandwidth 8
3 Display ONU1's p2p bandwidth configuration.

p2p-bandwidth

------------------------------------------------------------------------------------
1/1 1 8000 256 1 1 1

2 Active ONU2's p2p-stream policy.

policing

maximum-bandwidth 3

p2p-bandwidth


------------------------------------------------------------------------------------
1/1 2 3000 256 1 1 1

2 Active ONU3's p2p-stream policy.

policing

maximum-bandwidth 2

p2p-bandwidth
OLT LPort
------------------------------------------------------------------------------------
1/1 3 2000 256 1 1 1
Configure ONU1's DBA-SLA

1 Display ONU1's DBA-SLA Configuration
telnet@BBS1000+(config-if-onu-1/1/3)# show interface epon-ol 1/1 onu 1 dba-sla

(Kbps) (Kbps)
-------------------------------------------------------------------------------
1/1 1 101 10000 100000 32 0 00:07:ba:34:bd:b1
2 Configure ONU1's maximum bandwidth of DBA-SLA.


(Kbps) (Kbps)
-----------------------------------------------------------------------------------
1/1 1 1 10000 20000 30 0 00:07:ba:34:bd:b1
3 Reset ONU to active the ONU1's DBA-SLA configuration.

telnet@BBS1000+(config-if-onu-1/1/1)# reset
Result Analyze On the topology map, ONU1 is in p2p-access Mode. The data is transmitted
from ONU1 to uplink port GE3/2, ONU2 and ONU3. According to the total data
transmitting rate and the DBA-SLA Max. Bandwidth configuration, there are four
cases:
Case1: Transmitting Data Total < DBA-SLA Max. Bandwidth
Table 34 Case1 of p2p Policy
Reciever Tran. Data Rate Rev. Data Rate

GE3/2 10M 10M
ONU2 3M 3M
ONU3 2M 2M
Total 15M 15M
1 The total transmitting data from ONU1 is 15M. And ONU1's DBA-SLA Max
bandwidth is 20M.The total transmitting data from ONU1 is less than ONU1's
upstream bandwidth valueDBA-SLA bandwidth.
2 The total transmitting data from ONU1 to ONU2 and ONU3 is 5M, And ONU1's
p2p-stream Max. bandwidth is 8M. The total transmitting data from ONU1 to
other ONUs is less than ONU1's p2p-stream bandwidth valueMax. Bandwidth.
Therefore, under this case, all data will be transmitted normally
Case2: Transmitting Data Total > DBA-SLA Max. Bandwidth
Rev. Data
Reciever Tran. Data Rate Rate Rate Anay.
GE3/2 10M 8.3M 20M*(10/24)=8.3M
ONU2 8M 4.6M 20M*(14/24)=11.7M 8M*(8/14)=4.6M
ONU3 6M 3.4M 11.7M>8M 8M*(6/14)=3.4M
Total 24M 16.3M
bandwidth is 20M. The total transmitting data from ONU1 exceeds ONU1's
Therefore, according to the percentage of upstream data and the data between
ONUs, one can calculate:
ONU Upstream data: 20M*(10/24)=8.3M
Data between ONUs: 20M*(14/24)=11.7M
2 From the above step1, The total permitted transmitting data from ONU1 to
ONU2 and ONU3 is 11.7M. And ONU1's p2p-stream Max. bandwidth is 8M. The

total transmitting data from ONU1 to other ONUs exceeds ONU1's p2p-stream
bandwidth valueMax. Bandwidth.
Hence one can calculate the actual data from ONU1 to ONU2 and ONU3:
ONU2's received data: 8M*(8/14)=4.6M
ONU3's received data:8M*(6/14)=3.4M
Under this case, the transmitted data jam happens and only part of the data will
be transmitted according to ONU1's DBA-SLA and ONU1 p2p-stream
bandwidthconfiguration.
Since the actural total transmitted data is less than the DBA-SLA Max
bandwidth16.3M<20M, even though data traffic jam happens, part of the
bandwidth is wasted.
This is mainly because the actural data traffic between ONUs exceeds permitted
p2p-stream Max. bandwidth. When this case lasts for a long time, one needs to
modify the p2p-stream Max. bandwidth parameter.
Case3: Transmitting Data Total > DBA-SLA Max. Bandwidth
Rec. Data
Reciever Tran. Data Rate Rate Rate Anay.
GE3/2 30M 17.14M 20M*(30/35)=17.14M
ONU2 3M 1.72M 20M*(5/35)=2.86M 2.86M*(3/5)=1.72M
ONU3 2M 1.14M 2.86M<8M 2.86M*(2/5)=1.14M
Total 35M 20M
bandwidth is 20M. The total transmitting data from ONU1 exceeds ONU1's
Therefore, according to the percentage of upstream data and the data between
ONUs, one can calculate:
ONU Upstream Data: 20M*(30/35)=17.14M
Data between ONUs: 20M*(5/35)=2.86M
2 From the above step 1, the total transmitted data from ONU1 to ONU2 and
ONU3 is 2.86M. And ONU1's p2p-stream Max. bandwidth is 8M. The total
transmitted data from ONU1 to other ONUs is less than ONU1's p2p-stream
bandwidth valueMax. Bandwidth.
From above one can calculate the actural data from ONU1 to ONU2 and ONU3
is:
ONU2's received data: 2.86M*(3/5)=1.72M
ONU3's received data: 2.86M*(2/5)=1.14M
Under this case, data traffic jam happens and the data will be partially
transmitted according to ONU1's DBA-SLA and ONU1 p2p-stream bandwidth

configuration. Since the actural total transmitted data reaches the DBA-SLA
Max bandwidth, no bandwidth is wasted.
Deleting All the Here only take ONU1 as an example.
Configurations
Restore ONU1's p2p-stream bandwidth Configuration
1 Restore ONU1's p2p-stream maximum bandwidth.
telnet@BBS1000+(config-if-onu-1/1/1)# no p2p-stream
maximum-bandwidth
2 Disable ONU2's p2p-stream bandwidth policy.

telnet@BBS1000+(config-if-onu-1/1/1)# no p2p-stream bandwidth
policing
3 Display ONU2's p2p-stream configuration.

p2p-bandwidth

------------------------------------------------------------------------------------
1/1 1 1000 256 0 1 1
Restore ONU1's p2p access

1 Restore ONU1's p2p access mode.
telnet@BBS1000+(config-if-onu-1/1/1)# no p2p-access policing
2 Verify the ONU1's p2p access configuration.

1/1 onu 1 summary
-------------------------------------------------------------
authorized
ONU vlan id = 101
ONU mac address = 00:07:ba:35:a2:ec
User ID =
RTT TQ = 6
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000

ONU Management 221
Restore ONU1's DBA-SLA Configuration

1 Restore ONU1's DBA-SLA maximum bandwidth.
maximum-bandwidth
2 Verify the ONU1's DBA-SLA configuration.

telnet@BBS1000+(config-if-onu-1/1/3)# show interface epon-ol 1/1 onu 1 dba-sla

(Kbps) (Kbps)
-------------------------------------------------------------------------------
1/1 1 101 10000 100000 32 0 00:07:ba:34:bd:b1
ONU Management In this section, we will cover the following three kinds of ONU managements.
ONU Basic Management
ONU OAM Management
ONU Remote Management
ONU Basic Management ONU is usually located on the user side. For convenient management, BBS
1000+ provides CLI commands to manage ONU.
Enable/Disable ONU
shutdown means to prohibit using ONU. Activate ONU using command no
shutdown.
The default status of ONU is no shutdown. User can use the following
command to check ONU's status.

1/1 onu running-config

onu 1
shutdown
dba-sla mac 00:07:ba:35:a2:ec
onu 2
dba-sla mac 00:07:ba:38:9c:b0
Reset ONU
BBS 1000+ provides CLI commands to reset one specific ONU.
For Example:
When user want to start up ONU with Lport 1 of OLT1/1, enter following CLI
command

telnet@BBS1000+(config-if-onu-1/1/1)# reset
Switch-cli
BBS 1000+ provides CLI commands toconfigure ONU's login mode.
This only applies to ONUs that supports CLI commands, for example,
ONU200A.
telnet@BBS1000+(config-if-onu-1/1/1)# switch-cli
ONU200A>
Encryption communication between ONU and OLT

According to the user's requirement, the communication between ONU and OLT
can be encryption. The encryption is compile to AES-128 standard.
Step 1: Enable the encryption on bidirectional or downlink between ONU and

OLT.
Syntax: encryption active <bidirectional | downlink>
Step 2: Configure the encyrpion key used in actived link during the
communication.
Syntax: encryption key {default| update < ASCII String String up to 16 char>}
No configuration is needed in the ONU side.After configurating in the OLT, the

successful registered ONU will communicate in encryption method with OLT.
ONU OAM Management OAM ping

Test the connectivity to remote ONUs from BBS 1000+ OLT.
Syntax: oam ping-onu
OAM link-test
OAM link test is used to test OAM link quality between the OLT and the ONU.
OLT sends specified number of frames at pre-defined frame size to the ONU.
Syntax: oam link-test <frame-size> <total-num-of-frames>
Show ONU OAM Detail

Syntax: show interface epon-olt [module/port] onu [logical-port] oam detail
OAM Link-test Procedure

1 Enter configure terminal interface epon-olt <module/port>
ONU Management 223
Syntax:Configure terminal
interface epon-olt <module/port>
2 Configure ONU OAM link test
Syntax:oam link-test <frame-size> <total-num-of-frames>
Possible Values:
frame-size: 64~1514
num-of-frames: 0~100; 0: stop testing
Default value:
frame-size: 1000
Access Level: 2
Help description: To test onu physical link by specify frame.
3 After link test succeed, PON side will return the following testing result
parameters:
Example:
Link Test results:

link test frame rx = 10
link test err frame rx = 0
link test min delay (uS) = 234
link test mean delay (uS) = 903
link test max delay (uS) = 981
PON loop-back Configuration and exmaple

Pon Loopback test is used to test data link between the OLT and ONU.
Syntax:
pon-loopback start <vlanID>| <cr>
pon-loopback stop <vlanID>| <cr>
When the BBS 1000's working mode is unique tag, use <cr>
parameter.Otherwise specify the test VLAN ID.

There are three states for the ONU.When ONU's is under OAM link test mode, it
can't perform PON loop-back test.
Figure 55 ONU's status
Example Topology
Figure 56 PON Loopback Configuring Topology

ONU Management 225
In the above topology, BBS 1000+'s uplink port GE3/3 is connected to Smartbits
port A and downlink port OLT2/2 is connected to Smartbits port B through
ONU1. Service VLAN 10 is configured on the BBS 1000+ and activate PON
loopback test on VLAN 10. Data packets are sent from Smartbits port B to port A
through BBS 1000+ and the user needs to observe the counters of the BBS
1000+ system. From the counter results, the user can know if the data link
between OLT2/2 and ONU1 is normal or not.
Smartbits is a demo system used to transfer and receive data packets.
Configure Steps
1 Create the test VLAN 10, add ge2/3,ge3/3 as tagged members of this VLAN.
telnet@BBS1000+# show vlan 10
VLAN 10:
Name :
port(s) or group(s) :
Config the tested VLAN ID 10 first:
2 Reset the OLT 2/2 interface.


mac-address-table
Record OLT LPort ONU id LLID Mac_Address Type

-------------------------------------------------------------
1 2/2 1 4 4 00:07:ba:34:74:4c Dynamic
2 2/2 2 12 12 00:07:ba:34:07:90 Dynamic
3 2/2 3 20 20 00:e0:8e:ab:27:63 Dynamic
the ONU in the bold line will to be looped back.
3 Check the ONU's DBA configuration.

telnet@BBS1000+(config-t)# show interface epon-olt 2/2 onu dba-sla

(Kbps) (Kbps)
------------------------------------------------------------------------------------
2/2 1 0 100000 100000 8192 0 00:07:ba:34:74:4c
2/2 2 0 100000 100000 8192 0 00:07:ba:34:07:90
2/2 3 0 600000 800000 254 0 00:e0:8e:ab:27:63
4 Check the ONU's policy configuration.

telnet@BBS1000+(config-t)# show interface epon-olt 2/2 onu 3 downstream-bandwidth

------------------------------------------------------------------------------------
2/2 3 1000000 256 0 1 1
5 Start the ONU's pon loopback test.

telnet@BBS1000+(config-if-onu-2/2/3)# pon-loopback start 10
6 From the SmartBits port A send broadcast traffic to port B. The counter of
broadcast frames sent is 16,624,751.
7 Show the counters on the tested ONU.
telnet@BBS1000+# show interface epon-olt 2/2 onu 3 statistics
-------------------------------------------------------
OLT = 2/2, ONU = 3
Report Frames:
Tx OK .......................... = 97957
Rx OK .......................... = 94361
Gate Frames:
Tx OK .......................... = 155924
Rx OK .......................... = 97959
Sys Frames:
Tx OK .......................... = 0
Rx OK .......................... = 0
Rx Err ......................... = 0
Sys Octets:
Rx OK .......................... = 0
Rx PHY Err ......................... = 0
PON Octets:

ONU Management 227
Tx OK .......................... = 614963605904
Rx OK .......................... = 2211886068816
PON Frames:
Total Tx Dropped ............... = 0
Tx OK .......................... = 16722838
Rx OK .......................... = 16722815
Rx Err ......................... = 0
Rx Oversized ................... = 0
Rx OAM ......................... = 0
Tx OAM ......................... = 0
Rx FCS Error ................... = 0
Rx Multicast ................... = 97956
Tx Multicast ................... = 16722833
Rx Broadcast ................... = 16624751
Tx Broadcast ................... = 0
Registration Request Frames:
Tx OK .......................... = 0
Registration Frames:
Rx OK .......................... = 0
Registration Acknowledge Frames:
Tx OK .......................... = 0
Frames Tx:
Q0 ............................. = 0
Q1 ............................. = 0
Q2 ............................. = 16624751
Q3 ............................. = 0
Q4 ............................. = 0
Q5 ............................. = 0
Q6 ............................. = 0
Q7 ............................. = 0
Frames Dropped:
Q0 ............................. = 0
Q1 ............................. = 0
Q2 ............................. = 0
Q3 ............................. = 0
Q4 ............................. = 0
Q5 ............................. = 0
Q6 ............................. = 0
Q7 ............................. = 0
Radius Statistics:
Messages Sent .............................. = 0
Accounting Msgs Sent ................... = 0
Authentication Msgs Sent ............... = 0
Messages Received .......................... = 0
Accounting Msgs Received ............... = 0
Authentication Msgs Received ........... = 0
Accepted Msgs Received ............. = 0
Rejected Msgs Received ............. = 0
Challenged Msgs Received............ = 0
Accepted Msgs with Wrong Attributes ........ = 0
The Rx Broadcast value above is same as the packts from SmartBits port A.
The Tx value in Q2 above is same as the packts from SmartBits port A.
8 Show the counters on the PON port of OLT.

telnet@BBS1000+# show interface epon-olt 2/2 statistics
-------------------------------------------------------
OLT = 2/2
Report Frames:
Tx OK .......................... = 1831385
Rx OK .......................... = 1827276
Gate Frames:
Tx OK .......................... = 1832226
Rx OK .......................... = 1855896
Sys Frames:
Tx OK .......................... = 0
Rx OK .......................... = 16624751
Rx Err ......................... = 0
Sys Octets:
Tx OK .......................... = 0
Rx OK .......................... = 2260966136
Rx PHY Err ......................... = 0
PON Octets:
Tx OK .......................... = 2326605452
Rx OK .......................... = 2326488476
PON Frames:
Total Tx Dropped ............... = 0
Total Rx Dropped ............... = 0
Rx FCS Error ................... = 0
Rx Multicast ................... = 1829506
Tx Multicast ................... = 1833365
Rx Broadcast ................... = 16624751
Tx Broadcast ................... = 16624751
The Rx and Tx values above is same as the packts from SmartBits port A.
Result Analyze:
From the statistics, the data link between OLT2/2 and ONU 3 is normal.
ONU Remote In this section, we will cover the following four kinds of ONU remote
Management managements.
Remotely upgrade ONU
Remotely change MAC address
Enable/disable ONU UNI port Auto-negotiation
Global enable/disable ONU UNI link status alarm filter on Management
Configure mode
Remotely Upgrade ONU

Currently BBS 1000+ supports remote upgrade for the following ONUs:
ONU100, ONU1000B, ONU1000C, ONU200A and ONU200B. For ONU200A
and ONU200B, the upgrade is done based on modules.
The firmware upgrade methods can be divided into two ways according the
upgrade start time: manual and schedule. The manual way will upgrade the
ONU firmware immediately, while the schedule way will upgrade the ONU
firmware according to the to-be-set start time and the to-be-set duration time.
Follow the following procedures to do ONU firmware remote upgrade.

1 Enter the ONU upgrade configuration command mode.
Syntax:configure terminal
onu-upgrade

ONU Management 229
2 Configure ONU's upgrade method.

Syntax:upgrade manual | schedule
Related commands:
Syntax:show onu-upgrade upgrade
no upgrade manual
3 Configure the to-be-upgraded ONU's hardware type.
Syntax: hw-type type type_num hw-rev version_num manual | schedule
fw-rev new_fw_revnum new_fw_filename
Table 37 type and hw-rev value configuration
Type (Hex) Hw-rev(Hex) ONU Type+ Component

0x02 0x00 ONU100 + PON
0x10 0x00 ONU1000B + PON
0x10 0x01 ONU1000C + PON
0x03 0x00 ONU200A + PON
0x03 0x10 ONU200A + SWITCH
0x03 0x01 ONU200B + PON
0x03 0x11 ONU200B + SWITCH
For the above table, we have the following notes:

ONU200A and ONU200B firmware upgrade is done based on modules.
When configuring parameters typ_num and version_num, user needs to

transform the hexadecimal value into the corresponding decimal value.
fw-rev includes new firmware's version number and file's name.
The new firmware file needs to be saved at directory flash:/onuImage/.
Related commands:
Syntax:show onu-upgrade hw-type
no onu-upgrade hw-type
4 When necessary, user can exclude the ONU that does not need upgrade.
Syntax: exclude module/port/lport manual | schedule
5 Configure the to-be-upgraded ONU.

Syntax:
fw-upgrade module/port/lport manual force| normal
fw-upgrade module/port/lport schedule force| normal start HH:MM [duration
time ]
Possible Values:

force| normal : To prevent accidental wrong upgrade operation, parameter

normal is recommended. Parameter force will force the firmware upgrade,
including upgrade from higher version firmware to lower version. firmware
start HH:MM: The firmware's starting upgrade time when schedul method is
choosen. It references BBS 1000+'s system time.
duration time: The firmware upgrade's duration time. The default value is 150
minutes.
When multiple scheduled firmware upgrades are defined, pay attention that
the time can not overlap. For example, if the first scheduled upgrade is going
to start from 8:00 and the duration time is 150 minutes, the second
scheduled upgrade must start after 10:30.
Related show command:
Syntax:show onu-upgrade fw-type
show clock
no onu-upgrade fw-type
6 Check the upgrade result.
Syntax:show onu-upgrade result {manual | schedule starttime}
Example of ONU remote upgrade
Use manual method, upgrade ONU100 form version 2.1.18 to version 2.1.20.
Figure 57 Remote ONU UpgradeTopology
The four ONU100s are connected to BBS 1000+ 's port OLT1/1 through splitter.
Suppose that those ONUs are registered to BBS 1000+ through logical port
binding.
1 Enter ONU upgrade configuration command mode.
ONU Management 231
BBS1000+(config-t)# onu-upgrade
BBS1000+(config-t-onu-ugp)#
2 Configure ONU's remote upgrade method.

BBS1000+(config-t-onu-ugp)# upgrade manual
3 Display ONU upgrade enable list.

After setting the manual upgrade method through step 2, by default, the system
will activate all ONUs manual upgrade method. When necessary, user can
exclude the ONU that does not need upgrade using CLI command exclude
module/port/lport manual | schedule.
BS1000+(config-t-onu-ugp)# show onu-upgrade upgrade
ONU manual update enable list:

1/1/1-32
1/2/1-32
1/3/1-32
1/4/1-32
2/1/1-32
2/2/1-32
2/3/1-32
2/4/1-32
ONU schedual update enable list:
None
4 Configure ONU's hardware type

For ONU100's type & hw-rev value, refer to the following talbe:
Table 38 ONU100's hardware type
Type (Hex) Hw-rev(Hex) ONU Type+ Component

0x02 0x00 ONU100 + PON
BBS1000+(config-t-onu-ugp)# hw-type type 2 hw-rev 0 manual

fw-rev 2.1.20 2.1.20.bin
Verify that file 2.1.20.bin is indeed in directory flash:/onuImage/.
5 Display ONU's hardware type.

BBS1000+(config-t-onu-ugp)# show onu-upgrade hw-type
Hardware type: 2
Update method: manual
Firmware version: 2.1.20
Image name: 2.1.20.bin
6 Check the registered ONU's information under port OLT1/1.

BBS1000+(config-t-onu-ugp)# show interface epon-olt 1/1 onu-registered

-------------------------------------------------------------
User ID = onu_2
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
--------------------------------------------------------------
User ID = onu_6
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
--------------------------------------------------------------
ONU mac address = 00:07:ba:34:00:59
User ID = onu_1_1_1
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
--------------------------------------------------------------
ONU mac address = 00:07:ba:34:bd:d6
User ID = onu_4
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
7 Configure the to-be-upgraded ONUs and the upgrade method.

BBS1000+(config-t-onu-ugp)# fw-upgrade 1/1/1-4 manual normal
8 Verify the upgrade results.

BBS1000+(config-t-onu-ugp)# show onu-upgrade result manual
Totally 4 items are executed:

Item OLT ONU Type HW Status Target Ver Current Ver MAC Result
----+---+---+-----+---+-------+---------+----------+------------------+------------
1 1/1 1 100 PON Success 02.01.20 02.01.20 00:07:ba:34:bd:b1 Upgrade Success
ONU Management 233
2 1/1 2 100 PON Success 02.01.20 02.01.20 00:07:ba:34:bd:b8 Upgrade Success

3 1/1 3 100 PON Success 02.01.20 02.01.20 00:07:ba:34:bd:d6 Upgrade Success
4 1/1 4 100 PON Success 02.01.20 02.01.20 00:07:ba:34:00:59 Upgrade Success
Totally 0 items do not meet upgrade condition:
Totally 0 items are not executed because of not touched:
Remotely Change MAC Address

System administrator can remotely modify ONU's MAC address according
actual requirement.
BBS1000+(config-t-if-onu-2/4/2)# remote-mgmt
xx:xx:xx:xx:xx:xx
UNI port Auto-negotiation

UNI port is the ONU port that connects to users.UNI port Auto-negotiation
function is, by default, enabled. When the far-end port does not support
auto-negotiation function, user needs to shut down ONU's auto negotiation
function and configure ONU's work rate and full-duplex mode.
For example:Disable auto-negotiation onu1 connected to OLT 2/4 port.
BBS1000+(config-if-onu-2/4/1)# remote-mgmt auto-negotiation

disable 100M full
BBS1000+(config-if-onu-2/4/1)# show interface epon-olt 2/4

onu 1 running-config

onu 1
dba-sla committed-bandwidth 11
remote-mgmt auto-negotiation disabled 100M full
UNI link status alarm filter

UNI link has UP and DOWN two status. By enabling link status's alarm filter
function, the system will log the link status's change. The default link status's
alarm filter function is Enable.
User can use the following command to shut down the status alarm filter:
BBS1000+(config-mgmt)# filter-alarm onu-uni-link-status

disable
BBS1000+(config-mgmt)# show configure running
filter-alarm onu-uni-link-status disabled

After disabling the alarm filter function, user can check UNI port's link status
change at the Trap Server or syslog server if configured with debugging
Severity.
ONU Configuration
Commands
Table 39 ONU Configuring Commands

Enable/disable ONU. [no] shutdown
reset ONU reset
Enter switch CLI switch-cli
Test the connectivity to remote ONUs oam ping-onu
Test link quality between the OLT and the ONU. oam link-test <frame-size> <total-num-of-frames>
Enable/disable ONU UNI link status alarm filter. filter-alarm onu-uni-link-status <enable|disable>
Enable remote ONU auto negotiation remote-mgmt auto-negotiation enable <10M|100M|1000M>
Disable remote ONU auto negotiation remote-mgmt auto-negotiation disable <10M|100M|1000M> <half|full>
Configure remote ONU mac address remote-mgmt mac <H:H:H:H:H:H>
Display ONU brief configuration show interface epon-olt [module/port] onu [logical-port] summary
Display ONU logical port's statistic show interface epon-olt [module/port] onu [logical-port] statistic
Display ONU logical port's running configuration. show interface epon-olt [module/port] onu [logical-port] running-config
Show ONU OAM detail configuration show interface epon-olt [module/port] onu [logical-port] oam detail
information.
ONU Configuration Enter ONU Configuration command

Example List BBS1000+(config-if-olt-2/1)# onu 2
Enable or Disable ONU

BBS1000+(config-if-olt-2/1)# onu 2
BBS1000+(config-if-onu-2/1/2)# shutdown
Show ONU Summary

onu summary
-------------------------------------------------------------

ONU Management 235

authorized
ONU vlan id = 325
ONU mac address = 00:07:ba:34:0a:7a
User ID =
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
Mpcp Timeout = 4000
Show ONU Running Configuration

onu running-config

onu 1
dba-sla mac 00:07:ba:35:a2:ec
onu 2
dba-sla mac 00:07:ba:38:9c:b0
Show ONU Statistics

1/1 onu statistics
-------------------------------------------------------
OLT = 1/1, ONU = 1
Report Frames:
Tx OK .......................... = 2567097
Rx OK .......................... = 2567080
Gate Frames:
Tx OK .......................... = 2580781
Rx OK .......................... = 2602965
Sys Frames:
Tx OK .......................... = 15
Rx OK .......................... = 840960
Rx Err ......................... = 0
Sys Octets:
Rx OK .......................... = 15500566743
Rx PHY Err ......................... = 0
PON Octets:
Tx OK .......................... = 72607127296
Rx OK .......................... = 57228170194375
PON Frames:
Total Tx Dropped ............... = 0
Tx OK .......................... = 3375974
Rx OK .......................... = 8878590
Rx Err ......................... = 0
Rx Oversized ................... = 0
Rx OAM ......................... = 1
Tx OAM ......................... = 1
Rx FCS Error ................... = 0
Rx Multicast ................... = 8878685

Tx Multicast ................... = 2551267

Rx Broadcast ................... = 0
Tx Broadcast ................... = 0
Registration Request Frames:
Tx OK .......................... = 1
Registration Frames:
Rx OK .......................... = 1
Registration Acknowledge Frames:
Tx OK .......................... = 1
Frames Tx:
Q0 ............................. = 826651
Q1 ............................. = 0
Q2 ............................. = 0
Q3 ............................. = 0
Q4 ............................. = 0
Q5 ............................. = 0
Q6 ............................. = 0
Q7 ............................. = 0
Frames Dropped:
Q0 ............................. = 0
Q1 ............................. = 0
Q2 ............................. = 0
Q3 ............................. = 0
Q4 ............................. = 0
Q5 ............................. = 0
Q6 ............................. = 0
Q7 ............................. = 0
Radius Statistics:
Messages Sent .............................. = 0
Accounting Msgs Sent ................... = 0
Authentication Msgs Sent ............... = 0
Messages Received .......................... = 0
Accounting Msgs Received ............... = 0
Authentication Msgs Received ........... = 0
Accepted Msgs Received ............. = 0
Rejected Msgs Received ............. = 0
Challenged Msgs Received............ = 0
Accepted Msgs with Wrong Attributes ........ = 0
-------------------------------------------------------
PON System MAC Through PON MAC Address Table, user can check ONU and its connected
Address Table servers' L2 transmission information.
The PON part of BBS 1000+ system also supports MAC Address Table. This
MAC Address Table is composed by the following parts:
All connected ONU's MAC addresses, ONU's LAN IDs, OLT port number
and their Lport numbers, LLID;
All ONU-connected equipments (PCs, for example) MAC addresses (if any),
ONU's VLAN IDs, OLT port numbers and their Lports numbers, ,LLID.
All items in MAC Address Table are dynamic.
The configurable parameters in MAC address table include

1 The aging time. Its default value is 300 seconds.

PON System MAC Address Table 237
2 The maximum number of ONU-connected equipments (PCs, for example). The

default value is 30.
Supported maximum number of ONU-connected PCs can be
<1..16|30|62|126|254|8190>.
Example:
When setting the maximum ONU-connected PCs number as 6 using CLI

command "dba-sla mac-limit 6" in ONU1, if the 7th PC is to be connected to
ONU1, the connection request will be refused. Only if one of the 6 connected
PC's aging time in MAC address table expires, the 7th PC can get connected to
ONU1.
Show OLT MAC Address Table

telnet@BBS1000+(config-t-if-olt-1/1)# show interface epon-olt mac-address-table

---------------------------------------------------------------------
1 1/1 1 1 1 101 00:07:ba:34:bd:ca Dynamic
2 1/1 2 2 2 102 00:07:ba:34:bd:b1 Dynamic
3 1/1 3 3 3 103 00:07:ba:34:bd:d6 Dynamic
4 1/1 4 4 4 104 00:07:ba:34:bd:e8 Dynamic
5 1/1 5 5 5 105 00:07:ba:34:bd:b8 Dynamic
6 1/1 6 6 6 106 00:0B:DB:0A:3F:78 Dynamic
7 1/1 6 6 6 106 00:07:ba:34:bd:b5 Dynamic
8 1/1 7 7 7 107 00:07:ba:34:bd:d5 Dynamic
9 1/1 8 8 8 108 00:07:ba:34:bd:eb Dynamic
MAC Address
Configuration
Commands
Table 40 MAC Address Configuration Commands
Configure Task CLI Command

BBS1000+(config-t)#
Configure the MAC aging time for PON system pon-sys mac-addr-aging-time <time>
Configure ONU's service level agreements for dynamic bandwidth dba-sla mac-limit<1..16|30|62|126|254|8190>
algorithm.
Display ONU's SLA for DBA, including mac limit for ONU. show interface epon-olt [module/port] onu [logical-port]
dba-sla

Table 40 MAC Address Configuration Commands (continued)
Configure Task CLI Command

Show olt mac address table show interface epon-olt [module/port] mac-address-table
MAC Address Configure Application Description

Example Through MAC limit settings to control user access to BBS 1000+ via ONU.
Topology Example
Figure 58 Configuring PON MAC Address Table
As shown in Figure 58, set ONU's MAC limit as 2. We will describe the MAC
limit mechanism in the following cases:
CASE1: Connect PC1, PC2 and PC3 sequentially to ONU, BBS 1000+ system
will only connect the first two PCs (PC1 and PC2.
CASE2: Through MAC address aging, reset PON's MAC address table. Then,
for example, BBS 1000+ disconnects PC2, BBS 1000+ system will learn PC1
and PC3's MAC addresses.
System Requirement
ONU can be register successfully to the BBS 1000+.
Configuration Tasks Configure ONU's MAC Limit

1 Display ONU MAC limit parameter by default.
telnet@BBS1000+(config-t)# show interface epon-olt 1/1 onu 1 dba-sla

(Kbps) (Kbps)

PON System MAC Address Table 239
-------------------------------------------------------------------------------
1/1 1 101 10000 100000 30 0 00:07:ba:35:a2:ec
2 Configure ONU1's MAC limit number.

telnet@BBS1000+(config-if-onu-1/1/1)# dba-sla mac-limit 2
CASE1: Connect PC1,PC2 and PC3 to ONU

3 Display the PON MAC address table.
telnet@BBS1000+(config-if-onu-1/1/1)# show interface epon-olt mac-address-table

---------------------------------------------------------------------
1 1/1 1 2 2 101 00:0B:DB:0A:3F:70 Dynamic
2 1/1 1 2 2 101 00:0B:DB:0A:3F:80 Dynamic
3 1/1 1 2 2 101 00:07:ba:35:a2:ec Dynamic
4 1/1 2 4 4 102 00:07:ba:38:9c:b0 Dynamic
5 1/1 3 5 5 103 00:07:ba:38:6a:d1 Dynamic
6 1/1 4 8 8 104 00:07:ba:35:99:2d Dynamic
7 1/1 5 9 9 105 00:07:ba:34:06:f7 Dynamic
8 1/1 6 7 7 106 00:07:ba:34:2a:38 Dynamic
9 1/1 7 6 6 107 00:07:11:11:11:aa Dynamic
10 1/1 8 10 10 108 00:07:ba:35:a3:6c Dynamic
11 1/1 9 1 1 109 00:07:ba:39:04:bf Dynamic
12 1/1 10 3 3 110 00:07:ba:34:d3:2e Dynamic
Here we can know that the MAC address of PC1 and PC2 are learned by BBS
1000+ PON system.
Reconfigure MAC Aging timer

1 Check the MAC aging time in the PON system.

olt mismatch monitoring = enabled
olt PAUSE frames monitoring = disabled
2 Reconfigure MAC aging time.

telnet@BBS1000+(config-t)# pon-sys mac-addr-aging-time 10
*** WARNING: Please note that after the timer change, you must
reboot
the box, or reset the OLT's for the system to function
properly.
Are you sure you want to go ahead (y/n) ? y
Successfully changed PON MAC Address Aging Timer.

Please reboot the system or the OLT's.
3 Reboot the OLT1/1 port.

4 Display the PON MAC address table.


---------------------------------------------------------------------
1 1/1 1 10 10 101 00:07:ba:35:a2:ec Dynamic
2 1/1 2 5 5 102 00:07:ba:38:9c:b0 Dynamic
3 1/1 3 4 4 103 00:07:ba:38:6a:d1 Dynamic
4 1/1 4 9 9 104 00:07:ba:35:99:2d Dynamic
5 1/1 5 6 6 105 00:07:ba:34:06:f7 Dynamic
6 1/1 6 1 1 106 00:07:ba:34:2a:38 Dynamic
7 1/1 7 2 2 107 00:07:11:11:11:aa Dynamic
8 1/1 8 7 7 108 00:07:ba:35:a3:6c Dynamic
9 1/1 9 3 3 109 00:07:ba:39:04:bf Dynamic
10 1/1 10 8 8 110 00:07:ba:34:d3:2e Dynamic
CASE2: Disconnect PC2 from ONU.


---------------------------------------------------------------------
1 1/1 1 10 10 101 00:0B:DB:0A:3F:70 Dynamic
2 1/1 1 10 10 101 00:0B:DB:0A:3F:90 Dynamic
3 1/1 1 10 10 101 00:07:ba:35:a2:ec Dynamic
4 1/1 2 5 5 102 00:07:ba:38:9c:b0 Dynamic
5 1/1 3 4 4 103 00:07:ba:38:6a:d1 Dynamic
6 1/1 4 9 9 104 00:07:ba:35:99:2d Dynamic
7 1/1 5 6 6 105 00:07:ba:34:06:f7 Dynamic
8 1/1 6 1 1 106 00:07:ba:34:2a:38 Dynamic
9 1/1 7 2 2 107 00:07:11:11:11:aa Dynamic
10 1/1 8 7 7 108 00:07:ba:35:a3:6c Dynamic
11 1/1 9 3 3 109 00:07:ba:39:04:bf Dynamic
12 1/1 10 8 8 110 00:07:ba:34:d3:2e Dynamic

CONFIGURING REMOTE AUTHENTICATION
8
The BBS 1000+ system can be configured to use one of the following two
authentication methods:
Local authentication (default)
Remote authentication through RADIUS (Remote Authentication Dial-In User
Service) server (IEEE 802.1x)
After enabling remote authentication by issuing the "local-authentication

disabled" command, the BBS 1000+ system will use RADIUS for authentication
and accounting. This section describes the procedures for configuring remote
authentication and accounting using RADIUS.
Understanding The IEEE 802.1x standard defines a client-server based access control and
Remote authentication protocol that prevents unauthorized connection from publicly
Authentication accessible ports without proper authentication. Devices wishing to access
through RADIUS services behind a port under 802.1 x controls must authenticate themselves,
before any data packets originating from the devices are allowed to pass
through. In the cases of authentication failure, the device will be prevented from
accessing the port and therefore will not be able to use the services behind the
port.
The specific roles of the three network components are described below:
ONU system (Example: ONU 200A) The client that requests access to
LAN and OLT services. It also responds to query from the OLT in order to
establish services. IEEE802.1x-compliant client software must run on the
ONU host CPU.
BBS system (Example: BBS 1000+) The Optical Line Terminal (OLT)
board controls the physical access to the network based on the
authentication status of the ONU. It acts as a proxy between the client and
the authentication server, requesting identity information from the ONU,
verifying the information with RADIUS server and replaying it back to the
ONU. This authenticator software runs inside the OLT firmware. The BBS
system includes the RADIUS client on the OLT host CPU, which is
responsible for encapsulating and encapsulating the EAP frames and
interacting with the authentication server.
Authentication Server (RADIUS Server) performs ONU authentication.
The authentication server uses the authentication credentials supplied by the
ONU and notifies the BBS system whether or not the ONU is authorized to

242 Chapter 8: Configuring Remote Authentication
access services. The Authentication server connects to the BBS 1000+ via
UDP connection.
802.1 x /RADIUS The below figure illustrates the 802.1x EAP authentication process model
Process comprised of a PC client, BBS 1000+ and Radius Server. In this model, the
Radius server should support EAP authentication, and the client should support
MD5-chanllenge authentication.
Figure 59 802.1x/RADIUS Authentication Process
An successful 802.1x authentication initiated by the supplicant should go

through the following six steps.
1 The supplicant sends EAPOL-Start frame to the NAS
2 The NAS responds with an EAP-Request/Identity frame to the supplicant, and
requests for credentials
3 The supplicant responds with the credentials to the NAS, and sends
EAP-Response/Identity frame to the NAS. The NAS encapsulates the response
into Radius-Access-Request data frame to the Radius server
4 If the credentials are correct, the Radius server sends
Radius-Access-Challenge frame to the NAS, and the NAS then encapsulates
into EAP-Request frame to the supplicant
5 The supplicant responds the password to the Radius server via MD5 challenge
6 If the password is correct, the Radius server sends Radius-Access-Accept
frame to the NAS, which forwards the EAP-Success frame to the supplicant
after encapsulation

Understanding Remote Authentication through RADIUS 243
RADIUS Authentication RADIUS server includes authentication server and accounting server.
Server and Accounting
Server BBS 1000+ system supports 4 types of RADIUS servers:
ONU authentication
ONU accounting
CLI user authentication
CLI user accounting
For each type of RADIUS server, BBS 1000+ support up to 2 RADIUS servers,
one is primary server and another secondary server as redundancy.

The following diagram depicts the remote authentication and accounting

process flow briefly for both the ONU and CLI users.
Figure 60 ONU /CLI Remote Athentication, Accounting Process
RADIUS Server The basic RADIUS redundancy logic:

Redundancy
At first BBS 1000+ transmits authentication request to the primary RADIUS
server. And then BBS 1000+ waits for reply from the primary RADIUS server
depend on retry times and hold timer.
If retry expires, and RADIUS server auto-switch is enabled, BBS 1000+
transmits authentication request to the secondary RADIUS server and waits
for replay from the secondary RADIUS server depend on retry times and hold
timer. Before switch to another RADIUS server, the BBS 1000+ will try to

Understanding Remote Authentication through RADIUS 245
connect to another RADIUS server first, if that failed, the switch-over failed
and the current RADIUS server will still be used.
After 15 minutes (configurable) on secondary server, BBS 1000+ will try to
switch back to primary server.
Special Requirement for There are some special requirements for CLI user authentication:
CLI User Authentication
If retry expires on secondary server, BBS 1000+ refers to local database and
if it finds account, CLI user can login. This guarantees CLI user can login
even without a RADIUS server.
If there is not account on the Radius server and BBS 1000+ receives "reject"
message, BBS 1000+ disconnects telnet session immediately.
After 3 times (configurable) CLI RADIUS authentication failure, the BBS
1000+ system will automatically switch to use local-DB for CLI user
authentication. This is designed to prevent the user been locked out. Be
noticed, this automatically change would affect user saved configuration,
which means the BBS 1000+ will use pre-saved user-authentication-method
to authenticate CLI user after system reboot.
CLI user's authentication method is systm-database by default. User can enter

the following command to configure the CLI user authentication method.
user-auth-method {radius-serversystem-database}
For Example:
To change CLI user's authentication method to RADIUS server.
BBS1000+(config-mgmt)# user-auth-method radius-server
elnet@BBS1000+(config-mgmt)# show configuration running

system hostname "BBS1000+"
system location "1275 Harbor Bay Parkway, Alameda, CA 94502,
Tel:1(510)864-8800"
system device-id "UTS-0000-0000-0000"
user-auth-method radius-server
Special Parameters for ONU time out

ONU Re-authentication This parameter is the value of waiting interval for EAP packet from BBS 1000+.
Range of this parameter: 1 15360 [Seconds]
Default value: 60 [Seconds]

Re-authentication interval for time out

This parameter is the base value for waiting interval when ONU does not
receive expected packet.
Re-authentication interval for access reject

This parameter is the base value for waiting interval when ONU receives
EAP-failure packet from BBS 1000+.
Re-authentication Parameter Configuration Command
Table 41 Re-authentication Parameter Configuring Commands

BBS1000+(config-t)#
Remote ONU management per system pon-sys remote-mgmt onu-authentication time-out <1-6000>
Set ONU re-authentication interval value,default: 60 (sec) re-authentication interval access-reject <1..15360>
Set ONU re-authentication interval timeout, default: 60 re-authentication interval timeout <1..15360>
(sec)
Display PON system parameters show pon-sys
Display ONU re-authentication interval parameters Show configure running
Configuring 802.1 x RADIUS authentication configuration includes the ONU authentication and CLI
/RADIUS user authentication. BBS 1000+ supports RADIUS server authentication
Authentication redundancy, i.e., you can configure to have the primary and secondary RADIUS
server.

Configuring 802.1 x /RADIUS Authentication 247
To configure ONU authentication and CLI authentication, please follow the

following tasks.
Enabling RADIUS server authentication
Configure ONU authentication
Configuring ONU Primary/Secondary authentication RADIUS server
Configuring RADIUS server realm (supported in onu authentication)
Configure CLI authentication

Configuring CLI user Primary/Secondary authentication RADIUS server
Configuring RADIUS server time-out

Configuring RADIUS server retry times
Configuring RADIUS server auto-switch
Configuring RADIUS server back-to-primary
Configuring NAS IP address
Authentication Display All the Authentication Configuration

Parameters Introduction telnet@BBS1000+# show radius-server
Primary ONU authentication servers:

ip address=192.168.103.100, port=1812, shared key=mypassword
Secondary ONU authentication server:
ip address=0.0.0.0, port=0, shared key=
... ...
Secondary CLI accounting:
Auto switch = Disabled
Timeout = 3 seconds
Retry = 2 times
Back to Primary = 15 minutes
NAS ip address = 0.0.0.0
Realm =
Accounting retry interval = 30
Accounting retry times = 3
Accounting interim interval = 600 seconds
Accounting minimum interval = 600 seconds
Shared Keys
After user set primary RADIUS server shared-keys, the corresponding
secondary RADIUS server will set automatically, vice versa.
Realm
RADIUS server realm is supported only in ONU authentication. It append to the
end of ONU username.

Auto switch
If auto-switch is enabled, the secondary RADIUS server will be used when the
primary RADIUS server does not work, however, the system will continue to
retry to switch back to the primary RADIUS server after certain period. The retry
period and total number of retry times are configurable.
Timeout
User can configure the message timeout value when retry to access the primary
RADIUS server.
NAS
A Network Access Server (NAS) is responsible for passing user information to
designated RADIUS server, and then acting on the returned response. This
function is performed on BBS 1000+ OLT.
Return List on the In order to finish ONU and CLI users' remote authentication, the administrator
Radius Server needs to configure RADIUS server.
The following are the mandatory to-be-configured parameters:

For CLI user
Utstarcom-CLI-access-Level : 0,1,2,10
For ONU user

Utstarcom-Framed-IP-Address
Utstarcom-Framed-IP-Netmask
Utstarcom-Logical-Port-No
Utstarcom-DeviceID
Utstarcom-VLAN-ID
The following are all the configurable parameters:

User-Name
User-Password
Calling-Station-Id
Framed-IP- Address
Framed-IP-Netmask
Default-Gateway
CommittedBandwidth
MaxBandwidth
MaxBurstSize
MaxDelay
Configuring 802.1 x /RADIUS Authentication 249
MaxJitter
Priority
Device-Id
Module-Id
Port-No
Logical-Port-No
Port-Limit
Remote Authentication Typical configuration commands of the Remote Authentication are as following:
Configuration
Commands
Table 42 Remote Authentication Configuring Commands

BBS1000+(config-t)#
Enable remote authentication. pon-sys local-authentication disable
Enable/disable SLA synchronization pon-sys sla-synchronization <disable|enable>
Configure primary/secondary authentication server and radius-server {primary|secondary} {onu|cli}
accounting server for ONU/CLI user {authentication|accounting} ip address <ip-addr> port <port-num>
shared-key <key-str>
Configure realm for radius-server. radius-server realm <ASCII String63>
Enable or disable auto switch between pirmary and radius-server auto-switch <enabled|disabled>
secondary.
Configure what debug level of radius server will be radius-debug {on|off} <debugLevel>
debugged on/off.
Configure after how many minutes switch will back to radius-server back-to-primary <x-minutes>
primary radius server.
Configure retry times to access radius server. radius-server retry <times> default is 2
Configure message timeout to radius server. radius-server timeout <x-seconds>
Configure NAS IP address. radius-server nas-ip-addr <A.B.C.D>
Configure vendor's ID. radius-server vendor-id <id-value>
Configure vendor's attributes radius-server vendor-attributes {attri-list}
Enter Configure Management command mode.
BBS1000+# configure management
Configure CLI user authentication method user-auth-method {radius-serversystem-database}
Display radius server configuration Show radius-server
Display PON system parameters show pon-sys

ONU Remote Application Description

Authentication In the following example ONUs are authenticated by the RADIUS Server. The
Example
RADIUS Server configuration procedures below are based on the topology
shown in Figure 61.
Example Topology
Figure 61 RADIUS Server Authentication Topology
In the topology above, the RADIUS Server is directly connected to the BBS
1000+ Management port.
When the RADIUS Server is connected to the BBS 1000+'s uplink port (In-Band
mode), the uplink port's IP address must be configured.
Configuration Tasks The general tasks involved in configuring RADIUS are given below. After this
task overview, detailed steps are described, using the topology example in
Figure 61.
1 Install the RADUIS Server software on the PC
2 Configure RADUIS
3 Configure BBS 1000+
4 Verify ONU1's RADIUS authentication

ONU Remote Authentication Example 251
Install the RADUIS Server software on the PC

In the following example Steel Belt RADIUS Server software is used and the
Server's IP address is set as 192.168.103.100.
1 Install Steel Belt RADIUS server 4.71 software on the PC.
2 From the UTStarcom CD, copy the files under radius directory shown in Figure
62 to the installation directory "\Radius\Service" on the PC.
Figure 62 List RADIUS Directory
After copying the above directory, the RADIUS server must be restarted.
Configure RADUIS
1 From the Window's Start button, select [Programs/Steel-Belted
RADIUS/Steel-Belted RADIUS Administrator]. The RADIUS server starts up and
the following window is displayed, as shown in Figure 63.
Figure 63 RADIUS Administrator Main Window

2 From the Radius server selection options, select the default setting, Local.
Then click <Connect> to connect with the server. The connection process and
results are displayed in the status box, as shown in Figure 64.
If the RADIUS Server is to be connected remotely, select the Remote option
instead, and then enter the Remote Server's IP address.
Figure 64 RADIUS Connection Results
3 From the option list on the left side of the configuration window, select RAS
Clients. Afterwards the window will display a new set of controls, as shown in
Figure 65.

Figure 65 RADIUS RAS Clients Selection
4 From the Client name dropdown list select ANY, and then from the
Make/model dropdown list select UTStarcom.
5 Click <Edit authentication shared secret...>. The Enter shared secret dialog
box is displayed, as shown in Figure 66.
Figure 66 Edit Authentication password
6 Enter the authentication shared key. (Example: "mypassword")

This shared key should match the one used in Configure BBS 1000+ below.

Figure 67 Steel-Belted Radius Configuration (I)
7 From the option list on the left side of the configuration window, select Users.
Afterwards the window will display a new set of controls, as shown in Figure 68.
Figure 68 RADIUS Users Selection
8 Click <Add> to display the Add New User dialog box, as shown in Figure 69.
Figure 69 Add New User
9 In the Enter user name text box, enter the ONU's ID. (The ONU-ID can be
found on a label on the bottom of the ONU device or via CLI command. In this
example we have used "ONU1".)
10 Click <OK>.
Here the User is an ONU device, so Domain and SecureID does not need to be
configured..
11 After a new user is added the <Set password> button will be enabled. Click
<Set password>. The Enter User Password dialog box is displayed, as shown
in Figure 70.
Figure 70 Enter User Password
The default ONU equipment password is "epon".
12 In the Enter password text box enter "epon" (the default).

13 Leave the default Allow PAP or CHAT option selected, and then click <Set>.

Figure 71 Return List Attributes
14 Select the Return list attributes tab page, and then click <Ins>. The Add New
Attribute dialog box is displayed, as shown in Figure 72.
Figure 72 Add New Attribute
15 From this dialog box new RADIUS attributes can be added using the three step
procedure described below. Add all of the attributes listed in Figure 73 need to
be added.
a Select an attribute from the Available attributes list.
b In the Enter a number text box, enter the attribute value.
c Click <Add>.

Figure 73 Attributes List
16 After adding the new attributes, click<Close>. The Steel-Belted Radius

Configuration dialog box is displayed and the newly added attributes are listed
in the Return list attributes tab page, as shown in Figure 74.
Figure 74 Steel-Belted Radius Configuration (II)
Configure BBS 1000+

In the following section, it is assumed the network is setup as shown in Figure
61, the BBS 1000+ Management port IP address is 192.168.103.227 and the
RADIUS IP address is in the same subnet as the management port
1 According to the topology in Figure 61, connect the ONUs to their corresponding
BBS 1000+ downlink OLT ports.
2 From the CONFIG Terminal command mode, configure BBS 1000+'s
authentication method as "RADIUS".


disabled
3 From the CONFIG Terminal command mode, activate SLA synchronization.

telnet@BBS1000+(config-t)# pon-sys sla-synchronization enable
4 Set the RADIUS server's IP address and the shared key on BBS 1000+.
This shared key must match the one configured in Configure RADUIS on page
251. (In this example "mypassword" is used.)
telnet@BBS1000+(config-t)# radius-server primary onu

authentication ip address 192.168.103.100
Warning: reboot system to take effect for radius server ip

modification.
telnet@BBS1000+(config-t)#radius-server primary onu

authentication shared-key mypassword
Warning: reboot system to take effect for radius server shared key
modification.
5 Check the RADIUS configuration.

telnet@BBS1000+(config-t)# show radius-server

... ...
Timeout = 3 seconds
Retry = 2 times
Realm =
Verify ONU1's RADIUS authentication

1 Enter the following command to enter port OLT1/1's configuration mode.
to activate the OLT port.
3 Enter the exit command to return to CONFIG Terminal command mode.

4 Check the registration status of ONU connected to the OLT port.

OLT state admin phy mac ONU transceiver

self-diag
id state state addr num type
state
-----------------------------------------------------------------------------------
1/1 Running Enabled present 00:e0:8e:88:00:01 1 LTM1-FIBERXON1
passed
5 Check ONU1's registered status.

telnet@BBS1000+# show interface epon-olt 1/1 onu 1 summary
------------------------------------------------------------
authorized
ONU vlan id = 101
ONU mac address = 00:07:ba:34:af:36
User ID = 1010104390472910
RTT TQ = 2
Laser_on_time = 4
Laser_off_time = 4
Practical Configuring Modifying the ONU ID and password

Tips The ONU-ID and password can be modified from the Debug command mode.
Use the following procedures to set the ONU's usernameONU-ID as test, and
its password to pwd.

Figure 75 Modify ONU's username and password
1 Using the topology in Figure 75 as an example, connect the ONU to BBS

1000+'s OLT2/1 port.
2 Set ONU's authentication as local.
telnet@BBS1000+(config-t)#pon-sys local-authentication enable
3 Disable lport and MAC Address binding.

telnet@BBS1000+(config-t)#pon-sys lport-strict-binding
disabled
4 Disable SLA synchronization.

telnet@BBS1000+(config-t)#pon-sys sla-synchronization
disabled
telnet@BBS1000+(config-t)#exit
telnet@BBS1000+#
5 Verify the BBS 1000+ PON system configuration.

telnet@BBS1000+# show pon-sys


CLI User Remote Authentication Example 261
CLI User Remote Application Description

Authentication In the following example CLI users are authenticated by the RADIUS Server.
Example
The RADIUS Server configuration procedures below are based on the topology
shown in Figure 61.
Example Topology
Figure 76 RADIUS Server Authentication Topology
In the topology above, the RADIUS Server is directly connected to the BBS
1000+ Management port.
When the RADIUS Server is connected to the BBS 1000+'s uplink port (In-Band
mode), the uplink port's IP address must be configured.
Configuration Requirement
The RADUIS Server software have been installed on the PCs
Configuration Tasks Configure RADUIS Server

1 From the Window's Start button, select [Programs/Steel-Belted
RADIUS/Steel-Belted RADIUS Administrator]. The RADIUS server starts up and
the following window is displayed, as shown in Figure 63.

Figure 77 RADIUS Administrator Main Window
2 From the Radius server selection options, select the default setting, Local.
Then click <Connect> to connect with the server. The connection process and
results are displayed in the status box, as shown in Figure 64.
If the RADIUS Server is to be connected remotely, select the Remote option
instead, and then enter the Remote Server's IP address.

Figure 78 RADIUS Connection Results
3 From the option list on the left side of the configuration window, select RAS
Clients. Afterwards the window will display a new set of controls, as shown in
Figure 65.
Figure 79 RADIUS RAS Clients Selection

4 From the Client name dropdown list select ANY, and then from the
Make/model dropdown list select UTStarcom.
5 Click <Edit authentication shared secret...>. Then Enter shared secret dialog
box is displayed, as shown in Figure 66.
Figure 80 Edit Authentication password
6 Enter the authentication shared key. (Example: "mypassword")

This shared key should match the one used in Configure BBS 1000+ below.
Figure 81 Steel-Belted Radius Configuration (I)
7 From the option list on the left side of the configuration window, select Users.
Afterwards the window will display a new set of controls, as shown in Figure 68.

Figure 82 RADIUS Users Selection
8 Click <Add> to display the Add New User dialog box, as shown in Figure 69.
Figure 83 Add New User
9 In the Enter user name text box, enter the CLI account. (In this example we use
mytestuser.)
10 Click <OK>.
11 After a new user is added the <Set password> button will be enabled. Click
<Set password>. The Enter User Password dialog box is displayed, as shown
in Figure 70.

Figure 84 Enter User Password
12 In the Enter password text box enter "gepon".

13 Leave the default Allow PAP or CHAT option selected, and then click <Set>.
Figure 85 Return List Attributes
14 Select the Return list attributes tab page, and then click <Ins>. The Add New
Attribute dialog box is displayed, as shown in Figure 72.
Figure 86 Add New Attribute

15 From this dialog box new RADIUS attributes, select

Utstarcom-CLI-Access-Level and enter 10 in the Enter a number text box,
which is displayed as Figure 73.
Figure 87 Add an Attribute
16 Click <Add> to add this attribute and click<Close>. The Steel-Belted Radius
Configuration dialog box is displayed and the newly added attributes are listed
in the Return list attributes tab page, as shown in Figure 74.
Figure 88 Steel-Belted Radius Configuration (II)
Configure RADIUS Server Parameters on the BBS 1000+

2 Set the primary RADIUS server's IP address and the shared key on BBS 1000+.
This shared key must match the one configured in Configure RADUIS on page
251. (In this example "mypassword" is used.)

telnet@BBS1000+(config-t)# radius-server primary cli


modification.
telnet@BBS1000+(config-t)# radius-server primary cli

authentication shared-key mypassword
Warning: reboot system to take effect for radius server shared

key modification.
3 Set the secondary RADSIU server's IP address.

telnet@BBS1000+(config-t)# radius-server secondary cli

modification.
After user set primary RADIUS server shared-keys, the corresponding

secondary RADIUS server will set automatically.
4 Enable auto-switch between primary and secondary RADIUS server.

telnet@BBS1000+(config-t)# radius-server auto-switch enable
5 Reboot BBS 1000+ to activate RADIUS.

telnet@BBS1000+>
6 Check the RADIUS configuration.

telnet@BBS1000+#
telnet@BBS1000+# show radius-server

Primary ONU accounting server:
Secondary ONU accounting server:
Primary CLI authentication server:
Secondary CLI authentication server:
Primary CLI accounting server:
Auto switch = Enabled
Timeout = 3 seconds
Retry = 2 times
Realm =


Configure CLI user's authentication method

1 Enter the Management command mode.
2 Configure CLI user authentication method as RADIUS server.

telnet@BBS1000+(config-mgmt)# user-auth-method radius-server
Verify CLI User RADIUS authentication

Case1: Only connect primary RADIUS server.
Use account-mytestuser and password-gepon to logon the BBS 1000+.
Username:mytestuser
Password:******
telnet@BBS1000+>
Result Analyze
CLI user logs into BBS 1000+ system through primary RADIUS server
authentication.
Case2: Connect primary and secondary RADIUS server both, and primary
server doesn't work normally.
Use account-mytestuser and password-gepon to logon the BBS 1000+.
Username:mytestuser
Password:******
telnet@BBS1000+>
Result Analyze
Since primary RADIUS server can not work normally, by the switch between
primary and secondary servers, CLI user logs in BBS 1000+ system through
secondary RADIUS server authentication.

Case3: Connect primary and secondary RADIUS server both, but primary
server and secondary don't work normally.
1 Add a user
telnet@BBS1000+(config-mgmt)# user add mytestuser gepon 10
2 Use account-mytestuser and password-gepon to logon the BBS 1000+.

Username:mytestuser
Password:******
telnet@BBS1000+>
3 Configure CLI user authentication method.

telnet@BBS1000+# show configure running
user-auth-method system-database
Result Analyze
Since both primary and secondary RADIUS servers cannot work normally, BBS
will automatically switch to local authentication. CLI user logs in BBS 1000+
system through local authentication.
At the same time, by checking system's running configuration, one knows that
the system's authentication is set to local. Only after rebooting the system, can
one change BBS 1000+'s CLI user authentication.
Deleting All the Restore RADIUS Server Configuration

Configuration on the
BBS 1000+
1 Delete the primary RADIUS servers.
BBS1000+(config-t)# no radius-server primary cli
Warning: reboot system to take effect for radius server ip modification.
2 Delete the secondary RADIUS servers.

BBS1000+(config-t)# no radius-server secondary cli
3 Verify the deleting operation.

BBS1000+(config-t)# show radius-server

Primary ONU accounting server:
Secondary ONU accounting server:
Primary CLI authentication server:
Secondary CLI authentication server:
Primary CLI accounting server:
Timeout = 3 seconds
Retry = 2 times
Realm =
Delete User-mytestuser
1 Delete user mytestuser.
BBS1000+(config-mgmt)# user delete mytestuser
Are you sure you want to delete this user (y/n)? y
delete user "mytestuser" success.
2 Verfiy the deleting operation.

BBS1000+(config-mgmt)# show user
User Access
----------------------+---------
admin 10
Restore User Authentication as Local

1 Configure local authentication method for ONU and CLI user.
BBS1000+(config-t)# pon-sys local-authentication enabled
2 Disable the SLA synchronization.

BBS1000+(config-t)# pon-sys sla-synchronization disabled
3 Display the PON system parameters.

BBS1000+(config-t)# show pon-sys



local logical port strict binding = disabled
Configuration 802.1 x RADIUS server accounting is implemented in BBS 1000+ to track CLI users and
/RADIUS Accounting ONU use of system for security enhancement. Same as in the RADIUS server
authentication, BBS 1000+ supports RADIUS server accounting redundancy.
Each time ONU gets authenticated to BBS 1000+, a RADIUS accounting

START message will be sent to the RADIUS accounting server.
Each time ONU unregistered from the BBS100, a RADIUS accounting STOP
message will be sent to the RADIUS accounting server.
Each time a CLI user login into BBS 1000+ using RADIUS authentication, a
RADIUS accounting START message will be sent to the RADIUS accounting
server.
Each time a CLI user log out from the BBS 1000+ (could be user logout, session
timeout, closing telnet session...), a RADIUS accounting STOP message will be
sent to the RADIUS accounting server.
Configuring ONU accounting RADIUS server
Configuring CLI user accounting RADIUS server
telnet@BBS1000+# show radius-server

... ...
Timeout = 3 seconds
Retry = 2 times
Realm =

Configuration 802.1 x /RADIUS Accounting 273
Remote Accounting Typical configuration task of the Remote Accounting are as following:
Configuration
Commands
Table 43 Remote Accounting Configuring Commands

BBS1000+(config-t)#
Enable remote authentication. pon-sys local-authentication disable
Enable/disable SLA synchronization pon-sys sla-synchronization <disable|enable>
Configure primary/secondary authentication server and radius-server {primary|secondary} {onu|cli} {authentication|accounting} ip
accounting server for ONU/CLI user address <ip-addr> port <port-num> shared-key <key-str>
Configure realm for radius-server. radius-server realm <ASCII String63>
Enable or disable auto switch between pirmary and radius-server auto-switch <enabled|disabled>
secondary.
Configure what debug level of radius server will be radius-debug {on|off} <debugLevel>
debugged on/off.
Configure after how many minutes switch will back to radius-server back-to-primary <x-minutes>
primary radius server.
Configure retry times to access radius server. radius-server retry <times>
Configure message timeout to radius server. radius-server timeout <x-seconds>
Configure NAS IP address radius-server nas-ip-addr <A.B.C.D >
Configure radius server accounting retry times. radius-server accounting retry-times <1-30>infinite
Configure radius server accounting retry interval.Unit is radius-server accounting retry-interval <10-100 >
second.
configure radius server accounting interim interval.Unit radius-server accounting interim-interval < <600..10000>
is second
configure radius server accounting minimum interval. radius-server accounting minimum-interval <600..10000>
Unit is second
Remote Accounting To configure ONU accounting and CLI accounting, please follow the following
Configuration tasks.
Procedure
Enabling RADIUS server authentication
Configure ONU accouting
Configuring ONU Primary/Secondary accounting RADIUS server
Configuring RADIUS server realm (supported in onu authentication)
Configure CLI accounting

Configuring CLI user Primary/Secondary accounting RADIUS server
Configuring RADIUS server time-out

Configuring RADIUS server retry times
Configuring RADIUS server auto-switch

Configuring RADIUS server back-to-primary

Configuring NAS IP address
Configuring accounting server parameters
accounting retry-times
accounting retry-interval
accounting interim-interval
accounting minimum-interval

CONFIGURING SYSLOG
9
This chapter describes the BBS 1000+ system log message format, including
log configuration procedures.
For complete information about the syslog message format, structure, severity
level and detailed system message, refer to the GEPON BBS 1000+ System
Message Manual.
Syslog messages can be sent to the console, remote syslog server and/or BBS
1000+ Flash memory.
Console: By default, syslog messages with a severity level higher than 3
(errors) will be displayed on the console screen.
Syslog Server: Up to five syslog servers, each with its own IP address and
UDP port number can be configured. Each server can be configured to
record different facility and severity level messages as required.
Flash: For troubleshooting purposes, critical messages can be sent to the
BBS 1000+ Flash memory. Due to Flash memory size limitation, only the first
128 bytes of the message will be logged.
Understanding the
Concepts
System Log Message BBS 1000+ provides two system log message formats, RFC 3164 format, and
Format Non-RFC 3164 format.
RFC 3164
RFC 3164 is defined for UNIX hosts. Based on RFC 3164, the full format of a
syslog message has three parts:
The first part is the PRI
The second part is the HEADER
The third part is the MSG
The total length of the packet must be 1024 bytes or less.

For detail definition of PRI, HEADER and MSG, refer to RFC 3164.
Example:
syslog:<199>SAT JUL 17 16:20:03 2004 user [admin] has logged into the
system

276 Chapter 9: Configuring Syslog
Non-RFC 3164
The Non-RFC 3164 syslog message format is more suitable for switch/router
devices. This type of message is easier to read and the values could be
defined in message as decimal, chars and hex.
The structure of a Non-RFC 3164 formatted syslog message is shown below:
mm/dd/yy:hh/mm/ss:facility-severity-MNEMONIC:description
Example:
syslog:SAT JUL 17 16:18:18 2004:LOG-7-USER:user [admin] has logged
into the system
Table 44 Non-RFC 3164 Syslog Format Description
Structure Elements Description

mm/dd/yy:hh/mm/ss The timestamp that displays the date and time of the message and
event.
Facility The facility associated with the message (For example, SNMP, PON
and etc.). Refer to Syslog Facility Codes for supported facility codes
Severity level Severity level of the event. Refer to Syslog Severity Level Description
for severity level description.
MNEMONIC The MNEMONIC code is used to identify the event or error type.
MNEMONICS are uppercase character strings.
Description Descriptive information about the event, including related terminal port
numbers, network addresses, etc.
Sending Syslog Specific Syslog messages can be displayed on the Console or recorded in the
Messages to the BBS 1000+ Flash memory. The messages sent to the Console or Flash
Console or Flash memory can be limited according to the message's severity level By default,
Memory severity level 3 (errors) Syslog messages and higher are sent to both the
Console and Flash memory.
This configuration must be performed from the CLI Configure Management

command mode. The syntax for the CLI command used to send Syslog
messages to the Console or Flash memory is shown below.
logging console severity-level
Either the numeric form of the Severity Level or its equivalent Keyword can be
used in the command. Severity Levels along with their related Keywords are
displayed in Table 45.
Table 45 Syslog Severity Level Description
Severity Level Severity level keyword Description

0 emergencies System is down
1 alerts Immediate action required
2 critical Critical condition
3 errors Error condition
4 warnings Warning condition

Understanding the Concepts 277
Table 45 Syslog Severity Level Description (continued)
Severity Level Severity level keyword Description

5 notifications Normal but significant condition
6 informational Informational message only
7 debugging Debug level message
logging flash <alarm|event|others>
Example 1: Displaying Syslog severity level 3 messages on the console
BBS1000+(config-m)# logging console 3
Example 2: Sending alarm messages to Flash memory
BBS1000+ (config-m)# logging flash alarm
Logging Host Server Up to five syslog servers can be connected to the BBS 1000+ system. Each
and Facilities server can be configured to log messages related to one or more facility types.
The minimum severity level of syslog messages to be sent to each server is also
configurable.
Both the IP address and UDP port of the Syslog server is configurable. The
UDP port range is 1 to 65535.
When the Syslog server port is not specified, the default port (514) will be used.
BBS 1000+ system messages are categorized according to the Facility

(hardware device, protocol, module or system software) that produced the
message. The Syslog Facility types are listed in Table 46.
Table 46 Syslog Facility Codes
Code Facility
auth Authorization system
dhcp Dynamic Host Configuration Protocol
eth Ethernet interface
pon Passive Optical Network
snmp Simple Network Management Protocol
sys System
syslog System log message
user User process
When specifying the severity level of Syslog messages to be sent to the Syslog
server, only the severity level keyword can be used. This is different than for
Syslog messages sent to the Console or Flash memory, which can be specified
by either the severity level number or keyword.
System Log Common system log configuration commands are shown in Table 47:
Configuration
Commands
Table 47 Syslog Configuration Commands

Set the message format logging format [non-rfc3164 | rfc3164]
Set the minimum severity level of syslog messages to be sent logging console severity-level
to the console
Set syslog messages to be sent to the Flash memory logging flash <alarm|event|others>
Configuration of the Syslog Server, including Facility Type logging host <ip> <port> facility <facility code> <severity-level>
and severity level to be sent to the server and it IP address
and port
Remove a Syslog server logging no host ip
Display the Syslog configuration show syslog running-config
Display Syslog messages stored in Flash memory show syslog flash [all | kernel | syslog] Decimal
Syslog Configuration The general steps for configuring Syslog are listed below:
Procedure
1 Enter the CLI Configure Management command mode.
2 Set the Syslog message format.
3 Configure Syslog for one or more of the following devices:
Console
BBS 1000+ Flash memory
Syslog Server
4 Display the Syslog configuration.
Syslog Configuration Application Description

Example In the following example the Syslog Server is connected to BBS 1000+ via an
in-band management interface.

Syslog Configuration Example 279
Example Topology
Figure 89 Syslog Configuration Topology
BBS 1000+ connects with the Cisco 3750 switch via BBS 1000+ uplink port
GE3/1. The Cisco switch connects with the Syslog Server via the switch's g1/0/6
interface. In this example, Cisco 3750 is operating as an L2 switch.
Configuration Tasks Configure an SVI on BBS 1000+

1 Create a VLAN and assign a Gigabit-Ethernet port as a tagged member of the
VLAN.
2 Create an SVI using the newly created VLAN (500).

telnet@BBS1000+(config-t-if-vlan-500)# show vlan 500
VLAN 500:
Name :
3 Assign an IP address to the SVI.

255.255.255.0
4 Enable the SVI.

5 Display the SVI configuration.


500

MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
Verify the out-band gateway

When a syslog server is connected to BBS 1000+ via an in-band management
interface, then the out-band gateway should not be configured on BBS 1000+.
If one is configured, then it should be disabled by setting its IP address as
0.0.0.0."
1 Display the boot attribute of BBS 1000+.
telnet@BBS1000+# show boot attributes

ip address : 192.168.103.202
ip mask : 255.255.255.0
next hop : 0.0.0.0
ftp user name : zy
ftp user password : yz
boot file name : 2.30.0.6.stz
boot device : flash
2 If the next hop field is any other value except 0.0.0.0, refer to Verify Out-band
default gateway on page 82 to remove the out-band gateway.
Configure Syslog on BBS 1000+

2 Set the Syslog message format to a Non-RFC 3164 type.

BBS1000+(config-mgmt)# logging format non-rfc3164
3 Configure the Syslog server.

BBS1000+(config-mgmt)# logging host 20.0.0.100 facility user
debugging
BBS1000+(config-mgmt)# logging host 20.0.0.1000 facility

syslog debugging
4 Display the current Syslog configuration.

BBS1000+(config-mgmt)# show syslog running-config

logging format non-rfc3164

logging console error
logging flash error
logging host 20.0.0.100 facility user debugging
logging host 20.0.0.100 facility syslog debugging
Configure the Cisco switch

1 From the Cisco switch's Configure Terminal command mode, create VLAN 500.
3750(config)# vlan 500
3750(config-vlan)#exit
3750(config)#
2 Configure Cisco switch's g1/0/5 L2 interface parameters.

3 Enter the Cisco switch interface configuration mode.
3750(config-if)#
4 Configure port g1/0/5 as trunk mode with dot1q encapsulation.

5 Configure native VLAN 500 for the g/1/0/5 port.

3750(config-if)#switchport trunk native vlan 500
6 Configure g1/0/6 port on Cisco switch as below.

3750(config-if)#switchport mode access
3750(config-if)#switchport access vlan 500
Configure the Syslog Server

1 Install Syslog Server software on the server. In this example 3CDaemon is used.
2 From the Windows Start menu, select <Programs/3CDaemon/3CDaemon> to
start the Syslog server. The 3CDaemon window is displayed, as shown below.

Figure 90 3CDaemon Main Window
3 Click the Syslog Server tab on the left side of the window. The Syslog Server
window is displayed, as shown in Figure 91.
Figure 91 Syslog Server Window
4 Click the <Configure Syslog Server> icon, and then select the Syslog
Configuration tab, as shown in Figure 92.

Figure 92 Syslog Configuration Window
5 From the Syslog Configuration tab page, set the following parameters:
Directory for syslog: D:\gepon
Who can log to this: Anyone
Log message to: One file:Syslog.log
6 Click <OK> when finished.

Set the Syslog Server IP Address
1 Set the Syslog server IP address as shown in the example below.

Figure 93 Set the Syslog server IP address
2 Verify the L3 connection between the Syslog server and BBS 1000+.
c:\> ping 20.0.0.1

3 Logout of BBS 1000+ and then re-login, entering the Privileged EXEC command
mode.
telnet@BBS1000+# logout <ENTER>
Username:admin
Password:******
telnet@BBS1000+#
4 From the Syslog Server, verify that the previous user login operation is recorded
in the syslog. Refer to the screen capture below:
Figure 94 Syslog Server window
Removing All Syslog Remove the syslog configuration

Configurations on BBS
1000+
1 Delete the syslog host configuration.
telnet@BBS1000+(config-mgmt)# logging no host 20.0.0.100
2 Display the syslog configuration.

BBS1000+(config-mgmt)# show syslog running-config
logging format non-rfc3164
logging console error
logging flash error
Remove the SVI

1 Return to the Configure Terminal Command mode.
BBS1000+(config-mgmt)# exit
2 Remove the SVI.



Removing VLAN 500

telnet@BBS1000+(config-t-vlan-500)# no member ge3/3

CONFIGURING RSTP
10
Introduction RSTP The BBS 1000+ RSTP can operate either in RSTP or STP-compatible mode. In
a network, if some devices run STP and some devices run RSTP, The devices
run RSTP should be configured to operate in STP-compatible mode.
Usually a RSTP-capable switch can switch to STP-compatible mode if it is

connected to a switch running STP.
There is a system level parameter related RSTP, enable or disable BPDU

termination.
By default, the BPDU flood is disable.That is, BPDU packects will be forwarded
directorly to CPU. When enable BPDU flood, BPDU packests will flood to all
ports in VLAN.
Use CLI command system bpdu-flood <enable|disable> under Configure

System command mode to configure BPDU flood.
RSTP Configuration Typical configuration task of the RSTP are as following:

Commands
Table 48 RSTP Configuring Commands

BBS1000+(config-t)#
Enable/Disable Rapid Spanning Tree for this vlan spanning-tree <vlanid> [disable| enable]
Set the forward delay time for this vlan spanning-tree <vlanid> forward-delay-time <delay-internal>
Set the Hello Time for this vlan spanning-tree <vlanid> hello-time <hello-internal>
Set the Max Age Time for this vlan spanning-tree <vlanid> max-age-time <max-internal>
Set the bridge priority for this vlan spanning-tree <vlanid> priority <priority>
Enter the GE port(i.e. GE1/2) or Link Aggregation configuration command mode
Set the path cost for this port for this vlan spanning-tree <vlanid> path-cost<cost>
Enable an interface to move directly to forwarding on link up spanning-tree <vlanid> <portfast>

288 Chapter 10: Configuring RSTP
Table 48 RSTP Configuring Commands (continued)

Set the port priority for this port spanning-tree <vlanid> priority <priority>
Show vlans which enable Spanning Tree. show configuration running
Show rapid spanning tree protocol information. show spanning-tree <vlanid>
Show detailed RSTP Information for a vlan show spanning-tree <vlanid> detail
RSTP Configuration
Procedure
1 Enable Rapid Spanning Tree for one VLAN under Configure Terminal command
mode.
2 Configure RSTP parameters for this VLAN under Configure Terminal command
mode if need.
Forward delay time
Hello time
Max Age Time
Bridge priority
3 Display RSTP information on this VLAN .

4 Configure RSTP parameters for the VLAN member (s) under GE port
Configuraion command mode if need.
Path cost
port fast
Bridge priority
5 Display RSTP information on the VLAN member(s).
RSTP Configuration
Example
Application Description In this example, the BBS 1000+ functions as an L2 Switch. The data VLAN is
VALN 10. It is connected to the Cisco 3750 via two links. Spanning-Tree protocol
is activated on both the BBS 1000+ and the Cisico 3750 to maintain a loop-free
topology.

RSTP Configuration Example 289
Example Topology Figure 95 RSTP Configuration Topology
Configuration Requirement
BBS 1000+ PON port OLT 1/1 is running in stack-tag mode.
PCs IP addresses have been configured as the above figure.
Configuration Tasks Configure the ONU's MAC and PON's lport binding

00:07:ba:34:bd:e7
When the communication between ONU and OLT is normal, the CLI
command show interface epon-olt 1/1 mac-address-table can be used to
obtain the ONU's MAC address.

Configure VLAN 10 on BBS 1000+

1 Configure GE3/2 and GE3/4 as tagged member of VLAN 10
VLAN 10:
Name :
port(s) or group(s) :ge1/1, ge3/2,ge3/4
Tagged port(s) or group(s) :ge1/1, ge3/2,ge3/4
2 Add ONU1 to VLAN 10

telnet@BBS1000+(config-t)# inter epon-olt 1/1
telnet@BBS1000+(config-t-if-olt-1/1)#exit
Enable Spanning Tree on the VLAN 10

telnet@BBS1000+(config-t)# spanning-tree 10 enable
telnet@BBS1000+(config-t)# show configuration running
... screen output truncated...

spanning-tree 10 enable
Show Spanning Tree Configuration

telnet@BBS1000+(config-t)# show spanning-tree 10
Vlan 10
Spanning Tree enabled protocol RSTP
Root ID Priority 32778
Address 0011.93c9.0f80
Port ge3/2
Hello Time 2 sec Max Age 20 sec Forwad Delay 15 sec
Bridge ID Priority 61450

Address 0000.1121.160c

Interface Role State Cost Priority Type PortFast

---------- ---------- ---------- ---------- ---------- --------- ----------
ge1/1 DESIGNATED FORWARDING 20000 128 P2P FALSE
ge3/2 ROOT FORWARDING 20000 128 P2P FALSE
ge3/4 ALTERNATE DISCARDING 20000 128 P2P FALSE
Create VLAN 10 on Cisco 3750

1 Configure VLAN 10 .
3750#
3750#conf term
Enter configuration commands, one per line. End with CNTL/Z.
3750(config)#vlan 10
3750(config-vlan)#exit
3750(config)#
2 Cofigure G1/0/4 as tagged member of VLAN 10.

3750(config-if)#switchport
3750(config-if)#switchport mode access
3750(config-if)#switchport access vlan 10
3750(config)#exit
3750#show interface gigabitEthernet 1/0/4 switch

Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (VLAN0010)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging:
enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

3750#
3 Refer to the step 2, configure g1/0/7 and g1/0/8 ports as below:

3750(config-if)#switchport trunk allowed vlan 10
3750(config)#
3750(config-if)#switchport trunk allowed vlan 10
3750(config)#
Enable Spanning Tree on the VLAN 10

3750(config)#spanning-tree vlan 10
3750#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol ieee
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)

Aging Time 15
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Gi1/0/7 Desg FWD 20000 128.7 P2p
Gi1/0/8 Desg FWD 20000 128.8 P2p
Gi1/0/4 Desg FWD 20000 128.9 P2p
Verify the Spanning Tree

Two links Case
One link Case
Rescover to Two links Case

Two links Case
1 Perform Ping on PC1.

2 Display RSTP information of VLAN 10 on the BBS 1000+.
telnet@BBS1000+(config-t-if-ge-3/2)# show spanning-tree 10
Vlan 10
Port ge3/2

Address 0000.1121.160c

---------- ---------- ---------- ---------- ---------- --------- ----------
3 Display Spanning Tree information of VLAN 10 on Cisco 3750.

3750#show spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol ieee
This bridge is the root
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)

Aging Time 15
Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------
Gi1/0/7 Desg FWD 20000 128.7 P2p
Gi1/0/8 Desg FWD 20000 128.8 P2p
Gi1/0/4 Desg FWD 20000 128.9 P2p
From the display information above, Link1 between GE3/2 and G1/0/7 is
working and Link2 between GE3/4 and G1/0/8 is backup one.
One Link Case.
1 Disconnect Link1 between GE3/2 and G1/0/7 through disabling GE3/2 port on
BBS1000+.
telnet@BBS1000+(config-t-if-ge-3/2)# show inter giga-ethernet

3/2 switch

GE: 3/2
Switchport: Enabled
Name: GE-10
MTU: 1500bytes
Speed: 0Mbps
AdminStatus: Disable
Ingress vlan filter: Enabled
Storm-control multicast: disable
Storm-control broadcast: disable
Storm-control unicast: 5
Link Status: Down
Transceiver Type: None
PVID: 1
2 Display Spanning Tree information of VLAN 10 on the BBS1000+.

Vlan 10
Port ge3/3
Address 0000.1121.160c
---------- ---------- ---------- ---------- ---------- --------- ----------
ge3/2 DISABLED DISABLED 20000000 128 P2P FALSE
working.
Rescover to Two Links Case.
1 Reconnect Link1 between GE3/2 and G1/0/7 through enabling GE3/2 port on
the BBS1000+.
telnet@BBS1000+(config-t-if-ge-3/2)# show inter giga-ethernet

3/2 switch
GE: 3/2
Switchport: Enabled
Name: GE-10
MTU: 1500bytes
Speed: 1000Mbps
AdminStatus: Enable
Ingress vlan filter: Enabled


Storm-control multicast: disable
Storm-control broadcast: disable
Storm-control unicast: 5
Link Status: Up
Transceiver Type: None
PVID: 1
2 Display Spanning Tree information of VLAN 10 on the BBS1000+
Vlan 10
Port ge3/2

Address 0000.1121.160c

---------- ---------- ---------- ---------- ---------- --------- ----------
working and Link2 between GE3/4 and G1/0/8 is backup one.

CONFIGURING DHCP SERVER
11
The Dynamic Host Configuration Protocol (DHCP) server assigns configuration
parameters to DHCP clients. DHCP consists of two components, a protocol for
delivering host-specific configuration parameters from a DHCP server to a client
and a mechanism for allocation of network addresses to clients.
DHCP Configuration To configure the BBS 1000+ DHCP server feature, you will perform the following
Tasks tasks:
Table 49 DHCP Configuring Commands

BBS1000+(config-t)#
Enable DHCP server service dhcp server
Configure DHCP policy service dhcp policy <custom|RFC2131>
Configure DHCP address pool name and enter DHCP pool ip dhcp pool <name>
configuration mode
Enter Configuration IP DHCP pool(i.e. UT) command mode.
BBS1000+(config-t)# ip dhcp pool UT
BBS1000+(config-t-dhcp)#
Configure the DHCP address pool subnet and mask network <network number> <network mask> [class-id]
Include the addresses which are available for DHCP clients included_address <low-addess> [high-address]
Exclude the address that DHCP server should not assign to DHCP excluded-address <low-address> [high-address]
clients
Specify DNS servers dns-server <address1> [address2] [address3]
[adress4][address5] [address6] [address7] [address8]
Specify default router default-router <address>
Configure address lease time lease {days [hours] [minutes] | infinite}
Create manual binding when rfd2131 policy used host <ip address> hardware-address <MAC address>
Create manual binding when sbb policy used host <ip address> vlan-id <vlan-id>
Configure merit-dump merit-dump <str>
Configure root-path root-path <str>
Configure NTP servers ntp-server < address1> [<address2>] [<address3>]
Configure Syslog servers syslog-server < address1> [<address2>] [<address3>]

298 Chapter 11: Configuring DHCP Server
Table 49 DHCP Configuring Commands (continued)

Display DHCP pools information show ip dhcp pool summary
Display DHCP bindings. show ip dhcp binding
Display ip DHCP manual binding. show ip dhcp manual-binding
DHCP Server DHCP Server configuration is performed as described below:

Configuration
Procedure
1 Enable DHCP server globally.
2 Configure DHCP Policy globally.
3 Create DHCP Pool
network
default router
include
DNS (Optional)
lease time (Optional)
Optional DHCP server configuratioin is described below:

1 Create manual binding.
2 Configure merit-dump
3 Configure root-path
4 Configure NTP servers
5 Configure Syslog servers
Configuring DHCP Application Description

Server Example PC and VoIP user get IP addresses from DHCP server--BBS 1000+. The end
user can access the Internet or dial VoIP.

Configuring DHCP Server Example 299
Example Topology
Figure 96 DHCP Configuration Example
The following example creates a routed interface on uplink port GE3/2 and
creates two VLANs, 4093 and 4094. It adds Gigabit Ethernet ports GE1/1,
GE1/2, GE1/3 and GE1/4 to these two VLANs. It thus creates two L3 super SVI
interface 10.10.0.0 and 10.10.1.0 and adds member VLANs to these 2 super
VLANs. After basic BBS1000+ configuration, it enables the DHCP service and
creates DHCP address pool UT-1 and UT-2 .
1 BBS 1000+ PON ports (OLT1/1 and OLT1/4) are assumed to run in stack-tag
mode, and these two ports are active.
2 The configuration of call server related to VoIP has been finished.
3 The configuration related to call server on ONU404 has been finished.
Configuration Tasks The general tasks involved in configuring the BBS 1000+ as DHCP Server are
1 Verify BBS 1000+'s Running Mode
2 Create a Routed Interface
3 L2 Configuration--Create ONU's Service VLANs
4 L2 Configuration--Create Two Super VLANs
5 L3 Configuration--Create two Super SVIs

6 Enable BBS 1000+'s DHCP server
7 DHCP Policy Configuration
8 DHCP Pool Configuration
9 Save the BBS 1000+'s Configuration
10 Configure ONU404-1 and ONU404-2
11 ONU404-1 get IP address from BBS 1000+-DHCP Server
12 PC get IP address from BBS 1000+--DHCP Server
Verify BBS 1000+'s Running Mode

1 Login to the BBS 1000+ and enter the Configure Terminal command mode.
c:\> telnet 192.168.103.227
Login: admin
Password:*****
telnet@BBS1000+#
2 Display BBS 1000+ PON port OLT1/1 mode.


1/1 running-config

no shutdown
oam-limit disable
vlan-mode stack-tag
dba algorithm plato
3 Display BBS 1000+ PON port OLT1/4 mode


1/4 running-config

no shutdown
oam-limit disable
vlan-mode stack-tag

dba algorithm plato

If the above BBS 1000+ PON ports are not running in stack-tag mode. Enter the
following CLI commands to configure BBS 1000+ PON ports vlan mode as
stack-tag.
PON Configuration
Configure ONU's authentication method as local and enable local lport binding
function.
1 Display the BBS 1000+ system parameters.


olp-mode = disabled
If local sla authentication is disabled in the above display information, enter the
following CLI command to enable it:

enabled
If local logical port strict binding is disabled in the above display information,
enter the following CLI command to enable it:

enabled
2 Bind ONU 1's MAC address with BBS 1000+ port OLT1/1's lport 1.

00:07:ba:34:af:36
3 Bind ONU 1's MAC address with BBS 1000+ port OLT1/4's lport 1.


00:07:ba:35:a2:e0
telnet@BBS1000+(config-if-onu-1/4/1)#exit
Create a Routed Interface

1 Create a Routed Interface on BBS 1000+'s uplink port GE3/2.
2 Assign the Routed Interface an IP address of 200.1.2.1.

255.255.255.0
3 Start up the Routed Interface.

L2 Configuration--Create ONU's Service VLANs

1 Create VLAN 50 for VoIP client.
telnet@BBS1000+(config-t-vlan-50)# member ge1/1,ge1/4

untagged
VLAN 50:
Name :
Untagged port(s) or group(s) :ge1/1,ge1/4
2 Reconfigure ONU404's register VLAN ID to VLAN 50.


3 Reconfigure ONU404's register VLAN ID to VLAN 50.

4 Create VLAN100 for ONU404's Data client.

telnet@BBS1000+(config-t)#vlan 100
VLAN 100:
Name :
5 Create VLAN100 for ONU404's Data client.

telnet@BBS1000+(config-t)#vlan 200
VLAN 200:
Name :
L2 Configuration--Create Two Super VLANs

1 Create a VLAN with the ID of 4093.
2 Assign BBS 1000+ downlink GE ports GE1/1 and GE1/4 as tagged members of
VLAN 4093.
tagged
telnet@BBS1000+(config-t-valn-4093)# exit
3 Create a VLAN with the ID of 4094

4 Assign BBS 1000+ downlink GE ports GE1/1 and GE1/4 as untagged members
of VLAN 4094.
untagged
telnet@BBS1000+(config-t-valn-4094)# exit
L3 Configuration--Create two Super SVIs

After L2 configuration is complete, create two overlapping Super SVI interfaces
4093 and 4094.
1 Configure VLAN 4093 as a SVI

3 Add SVI member interfaces(VLAN 100 and 200) to the Super SVI.
telnet@BBS1000+(config-t-if-vlan-4093)# member-vlan 100,200
4 Assign the Super SVI an IP address of 10.10.1.1/24.

255.255.255.0
5 Activate the Super SVI

6 Configure SVI interface 4094 in the same way.

telnet@BBS1000+(config-t-if-vlan-4094)# member-vlan 50

255.255.255.0

7 Verify the Super SVI configuration.


Super Vlan id: 4093
Member: 100,200
Super Vlan id: 4094
Member: 50
MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
MTU 1500 bytes
bcast: 0 pkt
bcast: 0 pkt
Enable BBS 1000+'s DHCP server

telnet@BBS1000+(config-t)# service dhcp server
DHCP Policy Configuration

1 Configure DHCP Policy as RFC2131.
telnet@BBS1000+(config-t)# service dhcp policy rfc2131
2 Verify the DHCP Policy.

telnet@BBS1000+(config-t)# show ip dhcp server policy
DHCP policy: RFC2131
DHCP Pool Configuration

Create two DHCP address pools, UT-1 and UT-2. UT-1 is configured with as
VoIP address pool, UT-2 is configured as data address pool.
1 Create a DHCP address pool and default router for UT-1.
telnet@BBS1000+(config-t)# ip dhcp pool UT-1
telnet@BBS1000+(config-t-dhcp)# network 10.10.0.0

255.255.255.0 UTStarcomONU
telnet@BBS1000+(config-t-dhcp)# default-router 10.10.0.1
telnet@BBS1000+(config-t-dhcp)# included_address 10.10.0.2

10.10.0.254

telnet@BBS1000+(config-t-dhcp)# exit
2 Create a DHCP address pool and default router for UT-2.

telnet@BBS1000+(config-t)# ip dhcp pool UT-2
telnet@BBS1000+(config-t-dhcp)# network 10.10.1.0

255.255.255.0
telnet@BBS1000+(config-t-dhcp)# default-router 10.10.1.1
telnet@BBS1000+(config-t-dhcp)# included_address 10.10.1.2

10.10.1.254
3 Verify the DHCP server configuration.

telnet@BBS1000+(config-t)# show ip dhcp running-config
service dhcp server

service dhcp policy RFC2131
ip dhcp pool UT-1
network 10.10.0.0 255.255.255.0 UTStarcomONU
included_address 10.10.0.2 10.10.0.254
lease 1 0 0
default-router 10.10.0.1
exit
ip dhcp pool UT-2
network 10.10.1.0 255.255.255.0
included_address 10.10.1.2 10.10.1.254
lease 1 0 0
default-router 10.10.1.1
exit
4 Configure the DHCP address lease time.

The lease time is set to 1 day, 12 hours and 30 minutes.
telnet@BBS1000+(config-t-dhcp)# lease 1 12 30
telnet@BBS1000+(config-t-dhcp)#
5 The DHCP configuration is finished, exit from Configure DHCP command mode.
BBS1000+(config-t)#
Save the BBS 1000+'s Configuration

1 Enter the Configure Management command mode and save the configuration.
telnet@BBS1000+ # configure management
2 Save the BBS 1000+'s Configuration


Configure ONU404-1 and ONU404-2

1 Configure ONU404-1's WAN port to get IP address by DHCP, as shown in the
figure below
Figure 97 ONU404-1's WAN Port Configuration
2 Configure ONU404-1's downlink port and uplink port LAN4's VLAN ID as 100,
as shown in the figure below.

Figure 98 ONU404-1s Port Configuration
3 Configure ONU404-1 VoIP to ensure it possible to dial call

Figure 99 ONU404-1 VoIP Configuration
4 Save the configurations and restart.
ONU404-2 can be configured as the ONU404-1.

ONU404-1 get IP address from BBS 1000+-DHCP Server

1 Verify ONU404-1's IP address.
telnet@BBS1000+(config-t)# show ip dhcp binding bind
POOL name: UT-1

=========
IP address Hardware address Vlan Id Lease Expiration Type Lease
------------------------------------------------------------------------------------
10.10.0.3 0007.ba3e.b0ae 50 THU JAN 08 14:59:15 1970 Automatic Bind
POOL name: UT-2

=========
10.10.1.2 0008.741b.1aee 100 THU JAN 08 14:56:07 1970 Automatic Bind
2 Dial VoIP Call

Ensure the configuration, use the phone connecting to ONU404-1 to dial the
phone connecting to ONU404-2.
PC get IP address from BBS 1000+--DHCP Server
PC1 gets a new IP address from DHCP Server through running the following
command:
From PC1:
C:\ >ipconfig/renew
Windows 2000 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.10.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.1.1

CONFIGURING DHCP RELAY
12
When a DHCP client sends a request to an external DHCP server, the relay
proxy receives the request and forwards it to the external DHCP server. The
relay proxy then sends the DHCP server's response back to the client. The
DHCP client views the relay proxy as a DHCP server, and the DHCP server
sees the relay proxy as a DHCP relay agent.
DHCP Relay To configure BBS 1000+ as a DHCP Relay, the following tasks can be
Configuration Tasks performed as below:
Table 50 DHCP Relay Configuring Commands

BBS1000+(config-t)#
Enable the DHCP Relay service dhcp relay
Configure maximum hops for DHCP agent dhcp-agent max-hop <hopnum>
Configure DHCP Relay information ip dhcp relay information {check | option |
policy<policytype>}
Enter Configuration Super SVI( Super vlan 10) command mode.
BBS1000+(config-t)# interface vlan 10
BBS1000+(config-t-if-vlan-10)#
Configuring DHCP Relay Server's IP address on Super SVI dhcp relay-to <A.B.C.D>
Display DHCP relay agent information gloablly show ip dhcp relay-agent global
Display DHCP relay agent statistics show ip dhcp relay-agent statistics
Display VLAN-based DHCP relay agent information show ip dhcp relay-agent vlan <vlanid>
DHCP Relay Application Description

configuration Example The PCs connected to the ONUs get their IP addresses via a remote DHCP
server. In this situation, BBS 1000+ acts as a DHCP Relay.

312 Chapter 12: Configuring DHCP Relay
Example Topology
Figure 100 DHCP Relay Configuration
In the above figure, two DHCP Servers are connected to BBS 1000+'s uplink
port GE3/1 via the Cisco switch.
1 BBS 1000+ PON ports (OLT1/1 and OLT1/2) are assumed to run in stack-tag
mode, and the two ports are active.
2 ONU1 and ONU2 are bound with the corresponding PON's lport.
3 Configure ONU1 and GE1/1 as the members of VLAN101 also configure
ONU2 and GE1/2 as the members of VLAN 165
Configuration Tasks The tasks involved in configuring DHCP Relay are described below, using the
1 Install the DHCP Server software on both DHCP serversr
2 Configure a Routed Interface on BBS 1000+
3 Create a Super SVI on BBS 1000+
4 Start the DHCP Relay service on BBS 1000+
5 Verify the DHCP Relay configuration
DHCP Relay configuration Example 313
6 Use DHCP Method to Obtain IP Address on PC

7 Test the Redundant DHCP Relay
Install the DHCP Server software on both DHCP servers

In the following example DHCP Server software (DhcpTurbo.exe) is used.
1 Server 1's IP address is set as 60.0.0.1/24.
2 Server 2's IP address is set as 60.0.0.5/24.
Dhcp Turbo.exe is free software. During the installation process choose to
install "server". After the installation is complete, restart the computer.
Configure the DHCP servers

1 From the Window's Start button, select [Programs/DHCP Turbo/DHCP Turbo
NT] to run the DHCP server program. The following window is displayed:
Figure 101 DHCP Server: Server Manager
2 From the left windowpane, expand the This Computer branch and Right click
Scopes, seclect New Scope from the shutcut menu. Create a new Scope is
shown in the following figure.

Figure 102 DHCP Server: New Scope (I)
Set each of the server configuration parameters, as shown in Figure 103.

Figure 103 DHCP Server: New Scope (II)
Name: The Scope's name,

Address Range: IP address range assigned to ONU.
Segment: Uncheck the Local checkbox and set the Relay agent as the
Super SVI's IP address.
3 Click <OK>, return to Properties lable interface in the BBS 1000+ Scope.
Figure 104 BBS 1000+ Scope's Properties Window
4 From BBS 1000+ Scope's Properties window, select options label , and right
click the blank space, choose New... on the pop-up menu, Select Option window
displays as below:
Figure 105 Select Option Window
5 Select Gateways from the list, to display the Gateways dialog box, as shown
below.

Figure 106 Select Gateway Window
6 Enter 50.0.0.10 in the Address to add textbox, and then click <Add>. The item
will be added to the list on the right. Click <OK> when finished. The Options is
displayed as shown below:
Figure 107 Configuring Address
Only DHCP server configurations related to this particular procedure are

described here.
Configure a Routed Interface on BBS 1000+
1 Configure BBS 1000+'s uplink GE3/1 port as a Routed Interface.

2 Assign the Routed Interface an IP address of 40.0.0.10/24.

255.255.255.0
3 Start up the routed interface.

4 Verify the Router Interface configuration on GE3/1.

giga-ethernet 3/1

MTU 1500 bytes
Create a Super SVI on BBS 1000+

1 Create VLAN 1000 and assign BBS 1000+ GE1/1 and GE1/2 ports as tagged
members of the VLAN.
2 Configure VLAN 1000 as an SVI.


255.255.255.0
3 Configure the SVI as a Super-SVI.

4 Add ONU VLAN members to the Super SVI.

5 Enable dhcp relay service

telnet@BBS1000+(config-t)# service dhcp relay
6 Configure the DHCP relay's target addresses, i.e., the two DHCP servers.
telnet@BBS1000+(config-t-if-vlan-1000)# dhcp relay-to
60.0.0.1

telnet@BBS1000+(config-t-if-vlan-1000)# dhcp relay-to

60.0.0.5
7 Enable the Super SVI.

telnet@BBS1000+(config-t-if-vlan-1000)#exit
8 Verify that the Super SVI was configured properly by viewing its configuration
information.
Super Vlan id: 1000
Member: 101,165
Start the DHCP Relay service on BBS 1000+

telnet@BBS1000+(config-t)# service dhcp relay
Verify the DHCP Relay configuration

telnet@BBS1000+(config-t)# show ip dhcp relay-agent global
DHCP relay service is Enabled

Relay information option insertion is Disabled
Relay information check is Disabled
Relay information policy: Replace
Relay information max-hops: 10
telnet@BBS1000+(config-t)# show ip dhcp relay-agent vlan 1000
Vlan 1000, Internet address is 50.0.0.10/24

DHCP Relay agent state: Active
Configured Relay destination:60.0.0.1 60.0.0.5
DHCP gateway: 0.0.0.0
Use DHCP Method to Obtain IP Address on PC

PC1 is used in the following example and is running the Windows 2000
operating system.
1 Set PC1's IP address getting method as DHCP.

Select <Start/Settings/Control Panel/Network and Dial-up Connections>. Right
click the connection icon and choose menu Properties.. In the Components
checked are used by this connection box, click Internet Protocol (TCP/IP).
The following window appears. Select Obtain an IP address automatically.

Figure 108 Internet Protocol (TCP/IP) Properties
2 Enter the following command to get IP address.

From PC1:
C:\> ipconfig/renew

IP Address. . . . . . . . . . . . : 50.0.0.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 50.0.0.10
3 Display DHCP Relay information on BBS 1000+

telnet@BBS1000+(config-t)# show ip dhcp relay-agent
statistics
Number of packets relayed:

Bootp Request: 0
Bootp Reply : 0
DHCP Discover: 3
DHCP Request : 1
DHCP Release : 0
DHCP Decline : 0
DHCP Inform : 0
DHCP Offer : 3
DHCP Ack : 1
DHCP Nak : 0
Invalid packets rcvd: 0

Test the Redundant DHCP Relay

1 Disable DHCP service on one DHCP Server.
2 Use DHCP method to obtain IP address.
From PC1:
C:\> ipconfig/release
C:\> ipconfig/renew

IP Address. . . . . . . . . . . . : 50.0.0.14
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 50.0.0.10
If the PC1 requires to be retrieved the same IP address during the first DHCP
request sessions , Dual DHCP Servers should support synchronization
function.
3 Display DHCP Relay information on BBS 1000+.
telnet@BBS1000+(config-t)# show ip dhcp relay-agent
statistics
Number of packets relayed:

Bootp Request: 0
Bootp Reply : 0
DHCP Discover: 64
DHCP Request : 45
DHCP Release : 0
DHCP Decline : 0
DHCP Inform : 0
DHCP Offer : 37
DHCP Ack : 18
DHCP Nak : 0
Invalid packets rcvd: 3

CONFIGURING MULTICAST
13
Multicasting is used to support real-time applications such as video
conferencing and streaming audio. A multicast server does not need to establish
a separate connection with each client. It simply transmits its service to the
network. Any host that wants to receive the multicast service must register with
its local multicast switch/router.
BBS 1000+ supports layer 2 and layer 3 multicast, including:

IGMP snooping (layer 2)
IGMP proxy (layer 3)
Multicast Address Multicast IP addresses are Class D IP addresses, which include a range of IP
addresses from 224.0.0.0 to 239.255.255.255.
Some Multicast IP addresses, for example those listed below, are reserved for
special use.
224.0.0.1 All multicast-capable hosts
224.0.0.2 All multicast-capable routers
224.0.0.4 All DVMRP routes
224.0.0.5 All OSPF routers
224.0.0.13 All PIM routes
In general, addresses from 224.0.0.1 to 224.0.0.255 are reserved for use by

various protocols.
Configuring IGMP BBS 1000+ can use IGMP snooping to suppress the flooding of multicast traffic
Snooping by dynamically configuring ports so that multicast traffic is only forwarded to
ports associated with IP multicast devices.
As the name implies, IGMP snooping requires the LAN switch to snoop on the
IGMP transmissions between the host and the router, and keep track of
multicast groups and member ports.
IGMP Snooping Work On the BBS 1000+ system IGMP snooping can be enabled at either the Global
Mode or VLAN level. By default Global IGMP snooping is disabled and IGMP
snooping on individual VLAN is also disabled.
322 Chapter 13: Configuring Multicast
When IGMP snooping is enabled at the Global level, then IGMP snooping is
enabled on all VLANs and individual VLAN cannot be disabled. When Global
IGMP snooping is disabled, IGMP snooping on all VLANs is disabled by
default , but can be enabled on individual VLAN.
Layer 2 multicast table entries are learned by IGMP snooping.
When an IGMP Report message is received by the IGMP snooping enabled

switch, the port that received the Report message will be a member of the group
for a specified time period (Default: 300 seconds). This membership Ageing
Time-Out period can be modifyied by administrator.
Members can be configured statically, which will never time-out.
IGMP Snooping To configure the BBS 1000+ IGMP Snooping feature, you will perform the
Configuring Tasks following tasks:
Table 51 IGMP Snooping Configuring Commands

BBS1000+(config-t)#
Enable or Disable IGMP snooping on VLAN [no] ip igmp snooping
Enter VLAN(i.e. VLAN 10) configuration command mode.
BBS1000+(config-t)#vlan 10
Enable or Disable IGMP Snooping [no] ip igmp snooping
Configuration IGMPSnooping parameters [no] ip igmp snooping < last-member-age-timer |
mc-age-timer | router-age-timer | src-only-mc-age-timer >
<timer-in-second>
Display igmp snooping configuration on specific VLAN. show ip igmp snooping vlan <vlanid>
IGMP Snooping Application Description

Configuration In the figure below, PCs connected to ONU1-3 all receive Multicast traffic.
Example
IGMP snooping configuration is described using the following example.

IGMP Snooping Configuration Example 323
Example Topology
Figure 109 IGMP Snooping Configuration
In the above figure, BBS 1000+ is connected to multicast source PC4 via uplink
port GE3/1. Downlink port OLT1/1 connects to ONU1-3 through a splitter. Port
GE3/1, GE1/1 and ONU1-3 belong to VLAN10. PC1 to PC3 each connect to
their corresponding ONU (ONU1-3). PC1-3 are all group members and expect
multicast traffic from BBS 1000+.
In this example, PC4 sends multicast traffic by running Wsend.exe program .

The three PCs receive multicast traffic by running the Wlisten.exe program.
Wsend.exe sends multicast traffic to Multicast group IP Addresses as

specified.
Wlisten.exe sends report messages to join a particular multicast group
and receive multicast traffic forwarded by BBS 1000+.
1 BBS 1000+ PON ports OLT1/1 are assumed to run in stack-tag mode, and the
port is active.
2 ONU1, ONU2 and ONU3 are bound with the corresponding PON's lport.

Configuration Tasks The following IGMP snooping configuration tasks are described using the
1 Create Service VLAN 10
2 Perform IGMP Snooping Service
3 Check IGMP group information on BBS 1000+
Create Service VLAN 10

1 Login to the BBS 1000+ via the out-band interface and enter the Configuration
command mode.
c:\> telnet 192.168.103.227
Login: admin
Password:*****
telnet@BBS1000+#
2 Create VLAN10 and add GE1/1 as a tagged member and GE3/1 as an

untagged member.
3 Set the PVID for GE3/1.

4 Enable the PON port OLT1/1 & the GE3/1


5 Reconfigure ONU1-3 as the members of VLAN 10.

telnet@BBS1000+(config-t-if-olt-1/1)# onu-vlan 1-3 10
Enable IGMP Snooping on VLAN

1 Here it is assumed that Global IGMP snooping is disabled. The commands
below enable IGMP snooping on a particular VLAN.
telnet@BBS1000+(config-t-vlan-10)# ip igmp snooping
2 Enabled IP multicast routing

telnet@BBS1000+(config-t)# ip multicast-routing
3 View the IGMP Snooping configuration information on VLAN.

telnet@BBS1000+(config-t)# show ip igmp snooping vlan 10
IGMP Snooping on vlan 10 has 0 entries

IGMP Snooping on Vlan 10 is enabled.
Multicast Age Time : 180 seconds
Router Age Time : 180 seconds
Source Only Multicast Age Time: 300 seconds
Last Member Age Time : 1 seconds
Perform IGMP Snooping Service

1 PC2's statically assigned IP address is 192.168.1.100/24.
2 Start the Wlisten.exe program on PC2.
3 From the WListen window's main menu, select [Multicasts/New].
The Multicast dialog box is displayed, as shown in the figure below.
4 Add a new multicast session by entering the appropriate values.
Figure 110 Add Multicast Group
The parameters in the above dialog box are described below:

IP: The Multicast group address.

Port: The UDP port of the multicast stream which member expect to
receive
NIC: The IP address of PC2.
5 Click <Add> to add a group.

6 Click <Close> to finish.
7 From the WListen window, right-click on the newly created group and select
[Join] from the shortcut menu.
Figure 111 Initiate the Multicast Join Report
8 Assign a static IP address to PC4 (192.168.1.10/24).

9 Start the WSend.exe program on PC4.
10 From the WSend window's main menu, select [Sessions/New Multicast...].
11 From the Configure Multicast dialog box, as shown in the figure below, enter the
appropriate parameters as described below.
Figure 112 Configure Multicast

IP Address: The Multicast address of the group
Port: The UDP port of the multicast stream

NIC: The IP address of PC4

TTL: Use the default value.
Payload: Use the default value.
DWORD pad: Use the default value.
Throttle (bits/sec): Select the check box, and set 8192 from the pulldown
ist.
12 From the WSend window, right lick on the newly created group and select [
Start].
Figure 113 Initiate Multicast Group
13 From PC2, check the WListen window, as shown in figure below:

Figure 114 Check WListen Packet Number on PC2
14 The number of packets received by WListen (Figure 114) and sent by WSend
(Figure 113) are the same, this confirms that IGMP snooping is working on BBS
1000+.
Check IGMP group information on BBS 1000+
telnet@BBS1000+(config-t)# show ip igmp snooping vlan 10
IGMP Snooping on vlan 10 has 1 entries
IGMP Snooping on Vlan 10 is enabled.
Multicast Age Time : 180 seconds
Router Age Time : 180 seconds
Source Only Multicast Age Time: 300 seconds
Last Member Age Time : 1 seconds
The IP multicast group is:
Ip Address Vlan Type Ports
-------------------------------------------------------------
225.1.1.1 10 dynamic ge1/1

Configuring IGMP BBS 1000+ supports RFC 2236 IGMP version 2.

Proxy
The following figure shows a typical BBS 1000+ system in an IGMP proxy
configuration.
To enable IGMP proxy on BBS 1000+, IGMP proxy should be configured on the
appropriate BBS 1000+ uplink L3 interface. The corresponding interface on the
upstream router should be running IGMP. All BBS 1000+ downlink interfaces
associated with a multicast group should be configured to run IGMP.
Figure 115 IGMP Proxy Configuration
When BBS 1000+ functions as a IGMP proxy, it performs the following tasks on
behalf of the host:
1 When queried, sends IGMP Reports to the specified group.

Configuring IGMP Proxy 329
2 If a host wants to join a new group, it sends unsolicited Report message to the
new group.
3 When the last member of the particular wants to leave, it will send an unsolicited
Leave message to BBS 1000+.
IGMP Proxy Configuring To configure the BBS 1000+ IGMP Proxy feature, you will perform the following
Tasks tasks:
Table 52 IGMP Proxy Configuring Commands

BBS1000+(config-t)#
Enable or Disable Multicast Routing globally [no] ip multicast-routing
Enable or Disable IGMP Proxy globally [no] ip igmp-proxy
Enter the GE port(i.e. GE3/1) , Link Aggregation or Interface VLAN configuration command mode
Enable or Disable IGMP Proxy on Uplink Interfaces [no] ip igmp-proxy
* Enable or Disable IGMPV2 on Downlink Interfaces [no] ip igmp version 2
Configure IGMP Timers
group-membership-interval ip igmp group-membership-interval <sec>
query-interval ip igmp query-interval <sec>
query-response-interval ip igmp query-response-interval <sec>
last-member-query-interval ip igmp last-member-query-interval <sec>
startup-query-interval ip igmp startup-query-interval <sec>
unsolicited-report-interval ip igmp unsolicited-report-interval <sec>
static-group ip igmp static-group <A.B.C.D>
Display ip igmp groups database show ip igmp groups
Display ip igmp interface database show ip igmp interface
For * noted configuring task, there is a note below:
In order for multicast traffic to travel from source to destination nodes, ensure
that a PING message can pass between them.
On the upstream CISCO router, ensure that "IP multicast-routing" and "IGMP
version 2" for the associated interfaces are both activated.

Configuring IGMP Proxy IGMP Proxy configuration is performed as below:

Procedure
1 Enable IP Multicasting globally.
2 Enable IGMP Proxy Globally
3 Enable IP Multicasting on all VLAN members of the Super VLAN.
4 Enable IGMP Proxy and IGMP Version 2 on the Uplink port
5 Activate IGMP Version 2 on the Super-SVI
IGMP Proxy Application Description

Configuring Example In the following example PCs connected to ONU1-2 in Figure 116 receive
multicast packets via IGMP proxy.
IGMP Proxy configuration is described below using the topology in Figure 116
as an example.
Example Topology
Figure 116 IGMP Proxy Configuration
In Figure 116, BBS 1000+ connects to multicast source PC3 via uplink port
GE3/1. Downlink port OLT1/1 connects to ONU1-2 through a splitter. Port GE1/1
and ONU1-2 belong to the Super SVI, which has an IP address of 192.168.1.1.
PC1 and PC2 connect to ONU1 and ONU2, respectively. PC1 and PC2 are
members. They receive multicast traffic from BBS 1000+ using IGMP Proxy

IGMP Proxy Configuring Example 331
In this example, multicast source PC3 is running the Wsend.exe program to

send multicast traffic. PC1 and PC2 are running the Wlisten.exe program to
receive multicast traffic.
Wsend.exe sends multicast traffic to Multicast group IP Addresses as specified.
Wlisten.exe sends report messages to join a particular multicast group and

receive multicast traffic forwarded by BBS 1000+.
Configuration Tasks The procedures for configuring IGMP Proxy are described below, using the
1 Configure a Routed Interface
2 Start up PON Port OLT1/1
3 Configure Super SVI
4 Configure IGMP Proxy
5 Multicast is enabled on interfaceAdd host route
6 Perform IGMP Proxy Service
7 Check IGMP group information on BBS 1000+
Configure a Routed Interface

1 Login to the BBS 1000+ via the out-band interface and enter the Configuration
command mode.
c:\> telnet 192.168.103.227
Login: admin
Password:*****
telnet@BBS1000+#
2 Configure BBS 1000+ GE3/1 as a Routed Interface.

3 Assign an IP address to the Routed Interface.

255.255.255.0
4 Activate the Routed Interface.


Configure ONUs' Lport Binding

1 Enter the OLT1/1 port configuration command mode
2 Assign logical port 1 to the ONU1's MAC address, for example,

00:07:ba:34:e2:17.
An ONU's MAC address can be found on its back cover.

00:07:ba:34:e2:17
3 Assign logical port 2 to the ONU2's MAC address, for

example,00:07:ba:34:e6:5c

00:07:ba:34:e6:5c
Start up PON Port OLT1/1

1 Enter the OLT1/1 port configuration command mode.
2 Start up the port.

Configure Super SVI

1 Create a VLAN with an appropriate ID. In this example the VLAN ID is 4094.

2 Add GE1/1 as a tagged member of this VLAN.

3 Configure this VLAN as an SVI.

telnet@BBS1000+(config-t-if-vlan-4094)# ip address
192.168.1.1 255.255.255.0
4 Configure this SVI as a Super SVI.

5 Add VLAN 101-102 as members of this Super SVI.

telnet@BBS1000+(config-t-if-vlan-4094)# member-vlan 101-102
6 Activate the Super SVI.

Configure IGMP Proxy

1 Enable IP Multicast-routing on BBS 1000+ globally.
telnet@BBS1000+(config-t)# ip multicast-routing
2 Enable IGMP Proxy on BBS 1000+ Globally

telnet@BBS1000+(config-t)# ip igmp-proxy
3 Enable IP Multicasting on all VLAN members of the Super VLAN.

telnet@BBS1000+(config-t)# ip multicast vlan 4094
4 Enable IGMP Proxy on the Uplink port

telnet@BBS1000+(config-t-if-ge-3/1)# ip igmp-proxy
telnet@BBS1000+(config-t-if-ge-3/1)# ip igmp version 2
5 Activate IGMP Version 2 on the Super-SVI

telnet@BBS1000+(config-t-if-vlan-4094)# ip igmp version 2

6 View the IGMP configuration information

telnet@BBS1000+(config-t)# show ip igmp interface
Pay particular attention to the information in bold typeface

below.
IGMP version 2 is enabled on interface
IGMP query router is 192.168.10.1
IGMP robustness is 2
IGMP query interval is 125 seconds
IGMP query current value is 43 seconds
IGMP query maximum response is 10 seconds
IGMP unsolicited report interval is 10 seconds
IGMP start up query interval is 31 seconds
IGMP group membership interval is 260 seconds
IGMP last member query interval is 1 seconds
IGMP querier present timeout is 255 seconds
IGMP querier present timeout current value is 173
seconds
IGMP Proxy is enabled on interface
Multicast is enabled on interface

IGMP version 2 is enabled on interface
IGMP query router is 192.168.1.1
IGMP robustness is 2
IGMP query interval is 125 seconds
IGMP query current value is 1 seconds
IGMP query maximum response is 10 seconds
IGMP unsolicited report interval is 10 seconds
IGMP start up query interval is 31 seconds
IGMP group membership interval is 260 seconds
IGMP last member query interval is 1 seconds
IGMP querier present timeout is 255 seconds
IGMP querier present timeout current value is 255
seconds
IGMP Proxy is disabled on interface
Multicast is enabled on interfaceAdd host route
1 Add the host route by issuing the following command, where:

192.168.1.100 is the PC1's IP address
Vlan 4094 indicates the SVI
Subvlan 101 indicates the sub-VLAN of the SVI (The ONU's VLAN)
Mem ge1/1 is the physical GE port of SVI

2 Display the ARP information.



Expire(secs)
------------------+-----------------+--------+----------+----
192.168.1.100 00:0B:DB:0A:3F:78 static Vlan101 353
Perform IGMP Proxy Service

1 PC1's statically assigned IP address is 192.168.1.100/24.
2 Start the Wlisten.exe program on PC1.
3 From the WListen window's main menu, select [Multicasts/New].
The Multicast dialog box is displayed, as shown in Figure 117.
4 And add a new group session by entering the appropriate values.
Figure 117 Add Multicast Group

IP: The Multicast address of the group
Port: The UDP port of the multicast stream which member expect to
receive
NIC: The IP address of PC1.
5 When finished click <Add>.

6 When finished adding members of the group, click <Close>.
7 From the WListen window, right-click on the newly created entry and select
[Join] from the shortcut menu.
Figure 118 Initiate Multicast Join Report

8 Assign a static IP address to PC3 (192.168.0.100/24).

9 Start the WSend.exe program on PC3.
10 From the WSend window's main menu, select [Sessions/New Multicast...].
11 From the Configure Multicast dialog box, as shown in Figure 119, enter the
appropriate parameters as described below.
Figure 119 Configure Multicast
IP Address: the Multicast address of the group

Port: The UDP port of the multicast stream
NIC: The IP address of PC4
TTL: Use the default value.
Payload: Use the default value.
DWORD pad: Use the default value.
Throttle (bits/sec): Select the check box, and set 8192 from the pulldown
list.
12 From the WSend window, as shown in Figure 120, right-click on the newly
created entry and select [Start].
Figure 120 Initiate Multicast Packets
13 From PC1, check the WListen window, as shown in Figure 121:

Figure 121 Check WListen Packet Number
14 The number of packets received by WListen (Figure 121) and sent by WSend
(Figure 120) are the same, this confirms IGMP Proxy is working on BBS 1000+.
Check IGMP group information on BBS 1000+
1 Issue the following command to display all members of all IGMP groups.
telnet@BBS1000+(config-t)# show ip igmp groups
Group Address interface State Expires Last Reporter Report Delay

---------------+----------+---------+---------+---------------+-----------
225.1.1.1 Vlan4094 Member 253 192.168.1.100 0
2 Issue the following command to display individual member information.

telnet@BBS1000+(config-t)# show interface epon-olt 1/1 onu 1
igmp-table
OLT ID LPort MAC Address
--------------------------------------------------
1/1 1 01:00:5e:01:01:01

CONFIGURING ACL
14
An Access Control List (ACL) is used to filter packets for limiting network traffic
and restricting network access to specific users or devices. ACLs filter traffic
before it can access or be forwarded by the BBS 1000+ system. Specific rules
are defined in the ACL to either permit or deny packet access to the BBS 1000+
CPU or its specified interfaces. An ACL is a sequential collection of permit and
deny conditions that are applied to ingress packets. When a packet is received
at an interface, the switch compares the packet fields against the applied ACLs
to verify if the packet has the required permission to be forwarded. One by one,
the packet is tested against the list of filter conditions in the ACL. The first match
decides whether the switch accepts or rejects the packets. Because the switch
stops testing packets after the first match, the order of conditions in the list is
critical. If no conditions match, the default action is used to handle the packet.
ACL Work Mode Currently two default actions are supported by the access control list: deny and
permit. These are the actions performed when traffic does not match any of the
specified ACL rules.
On BBS 1000+, packets are either forwarded or system-processed : For

detailed information, refer to the following table.
Table 53 Compare Forwarding and Access mode
Packet processing Methods Forwarding System-processing

Traffic is transparently forwarded Traffic is processed by BBS1000+
Description through BBS1000+
Permit: If the packets do not match any Deny: If the packets do not match any
defined rule, take this action. That is, defined rule, take this action. That is,
Default Action they will be forwarded. they will be dropped.
ACL Configuration There are two methods for defining and applying the ACL: Using ACL profile
Tasks and ACL CLI. When using ACL profile, we should import the ACL profile via
FTP.

340 Chapter 14: Configuring ACL
Table 54 lists the commands using ACL profile.

Table 54 ACL Profile related CLI Comands List
ACL Configuration Tasks CLI Commands

BBS1000+(config-t)#
Import the ACL profile from the file system to the BBS1000+ database. import directory-and-filename to profile profile-number
Clear the ACL profile(s) saved in the BBS 1000+ database. clear-database-acl {profileID | filename| cr}
Apply or disable the ACL to individual GE or link aggregation ports. [no] apply-acl-profile profile-number
Apply or disable the default pre-configured ACL action on a specific L2 [no] acl-default-action pre-configuration
port.
Apply or disable the ACL profile on BBS1000+ CPU interface. [no] apply-mgmt-acl-profile profile-number
Display profile(s) saved in the BBS1000+ database. show database-acl-record
Display all interfaces which have ACL rules applied to them. show acl-applied-interface
Table 55 lists the commands using ACL CLI.

Table 55 ACL List related CLI Commands List

BBS1000+(config-t)#
Configure or delete MAC access list [no]access-list {mac <file-name>}
Configure or delete ARP access list [no]access-list {arp <file-name>}
Configure or delete IP access list [no]access-list ip {standard| extended <file-name>}
Enter ACL List(i.e. MAC ACL list) Confguration command mode.
BBS1000+(config-t)# access-list mac aa
BBS1000+(config-t-macl)#

ACL Configuration Tasks 341
Table 55 ACL List related CLI Commands List (continued)

Configure ACL rule for MAC access list [no] deny | permit <etherii-ip | etherii-arp| 802_3-ip |802_3-arp> smac
<src-addr> dmac<dst-addr> opt1 {vlan|priority} <value> opt2 {vlan|priority}
<value>
[no] remark <new_prio> <etherii-ip | etherii-arp| 802_3-ip |802_3-arp> smac

<src-addr> dmac<dst-addr> opt1 {vlan|priority} <value> opt2 {vlan|priority}
<value>
[no] redirect_ucast <out_untag|out_tag> <out_port> <etherii-ip | etherii-arp|
802_3-ip |802_3-arp> smac <src-addr> dmac<dst-addr> opt1 {vlan|priority}
<value> opt2 {vlan|priority} <value>
[no] rate_limit <bandwidth> <burst-size> <etherii-ip | etherii-arp| 802_3-ip
|802_3-arp> smac <src-addr> dmac<dst-addr> opt1 {vlan|priority} <value>
opt2 {vlan|priority} <value>
Configure ACL rule for ARP access list [no] deny| permit <etherii-arp | 802_3-arp> sip <src-addr> smac<dst-addr>
opt1 {vlan|priority} <value> opt2 {vlan|priority} <value>
[no] remark <new_prio> <etherii-arp | 802_3-arp> sip <src-addr>
smac<dst-addr> opt1 {vlan|priority} <value> opt2 {vlan|priority} <value>
[no] redirect_ucast <out_untag|out_tag> <out_port> <etherii-arp |
802_3-arp> sip <src-addr> smac<dst-addr> opt1 {vlan|priority} <value> opt2
{vlan|priority} <value>
[no] rate_limit <bandwidth> <burst-size> <etherii-arp | 802_3-arp> sip
<src-addr> smac<dst-addr> opt1 {vlan|priority} <value> opt2 {vlan|priority}
<value>
Configure ACL rule for IP standard access list [no] deny| permit <etheterii-ip | 802_3-ip> sip <src-addr> opt1 {vlan|priority}
<value> opt2 {vlan|priority} <value>
[no] remark <new_prio> <etheterii-ip | 802_3-ip> sip <src-addr> opt1
{vlan|priority} <value> opt2 {vlan|priority} <value>
[no] redirect_ucast <out_untag|out_tag> <out_port> <etheterii-ip | 802_3-ip>
sip <src-addr> opt1 {vlan|priority} <value> opt2 {vlan|priority} <value>
[no] rate_limit <bandwidth> <burst-size> <etheterii-ip | 802_3-ip> sip
<src-addr> opt1 {vlan|priority} <value> opt2 {vlan|priority} <value>

Table 55 ACL List related CLI Commands List (continued)

Configure ACL rule for IP extended access list [no] deny| permit <etherii-ip | 802_3-ip> protocol <protocol> sip <src-addr>
dip<dst-addr> opt1 {vlan|priority|srcPort|dstPort|dscp} <value>
opt2 {vlan|priority|srcPort|dstPort|dscp} <value>
no] remark <new_prio|new_dscp> <value> protocol <protocol> sip
<src-addr> dip<dst-addr> opt1 {vlan|priority|srcPort|dstPort|dscp} <value>
opt2 {vlan|priority|srcPort|dstPort|dscp} <value> opt3
{vlan|priority|srcPort|dstPort|dscp} <value> opt4
{vlan|priority|srcPort|dstPort|dscp} <value>
[no] redirect_ucast <out_untag|out_tag> <out_port> <etherii-ip | 802_3-ip>
protocol <protocol> sip <src-addr> dip<dst-addr> opt1
[no] rate_limit <bandwidth> <burst-size>
<etherii-ip | 802_3-ip> protocol <protocol> sip <src-addr> dip<dst-addr>
opt1 {vlan|priority|srcPort|dstPort|dscp} <value> opt2
Apply or disable the ACL file to individual GE or link [no] apply-access-list filename1,[filename2..]
aggregation ports.
Apply the ACL file on BBS1000+ CPU interface. apply-mgmt-access-list filename1,[filename2..]
disable the ACL file on BBS1000+ CPU interface. no apply-acl-profile
Display profile(s) saved in the BBS1000+ database. show database-acl-record
Display all interfaces which have ACL rules applied show acl-applied-interface
to them.
Display the access list(s) content. show access-list [ <mac|arp|ip standard|ip extended> <file-name> ]
ACL Configuration
Procedures
1 Define the ACL, there are two methods:

ACL Profile Configuration 343
Using ACL Profile method:

a Create ACL profiles as text files and save them on the FTP server.
b Download the ACL text files to the BBS 1000+ file system.
c Import the ACL configurations into the BBS 1000+ database.
Using ACL CLI method:

a Create ACL Lists on the BBS 1000+ system.
2 Check the profiles saved in the database.
3 Apply the imported ACL profile to individual BBS 1000+ CPU interface or Layer
2 ports, using either the Access or Forwarding method.
Access: Applies to the BBS 1000+ CPU (Management Interface).
Forwarding: Applies to specific BBS 1000+ Layer 2 ports, including
Gigabit Ethernet ports and Link Aggregation ports.
In the Forwarding mode, the ACL default action can be defined on the L2
ports.
4 Display ACL rules applied to all interfaces.
5 Disable the ACL profile on individual BBS 1000+ logical ports as required.
ACL Profile The BBS 1000+ database can store up to 32 ACL profiles and maintains only
Configuration one ACL running configuration per port.
An ACL profile is comprised of ACL field lists. Field lists are comprised of fields
and rules. A rule is the action to be performed when the incoming packet
matches the value of a specified field. An example ACL profile is shown below.
Figure 122 ACL Profile Example
Each ACL profile must start with Profile start followed by a user defined Profile
Name. A profile description must end with profile end. Between the Profile
start and profile end lines, Field Lists and their related Rules are defined.

Field Lists and their related Rules are described below using the example field
list shown in Figure 123.
Figure 123 ACL Field List, Fields and Rules
Up to 10 Field can be defined in an Field List, but each Field List must begin
with the field keyword followed by a user defined field list number, name and a
colon ":" character. Three fields are mandatory: (EtherII | 802.3, tag | untag
and IP | ARP). These fields define the Ethernet frame and packet type.
Besides these mandatory fields, other optional fields are defined.
When an incoming packet matches the type defined in the Field List, it is
compared with the defined Rules of the related Field List. If the conditions are
met then the Action is performed, either permit or deny as defined by the Rule.
In the following example, it is assumed that the ACL profile is applied to the
GE3/4 port.
field 1 FieldList1: EtherII tag ip sip 0xffffffff dip

0xffffffff
rule 1 host1permit: sip 2.1.1.2 dip 1.1.1.2 action permit
The following comparison operations are performed on packets received at the

GE3/4 port:
Is the packet an EtherII type?
Is the packet tagged?
Is it an IP packet?
Is the source IP address within the IP address range specified by both the
rule's sip address (sip 2.1.1.2) and the field list's sip range (sip 0xffffffff)?
Is the destination IP address within the IP address range specified by both
the rule's dip address (sip 1.1.1.2) and the field list's dip range (sip
0xffffffff)?

If all the comparison conditions are "True", then the GE3/4 port will execute the
action defined in rule1 (in this example: the port will permit this packet to be
forwarded).
Specifying ACL Profiles ACL profiles must observe the following restrictions:
1 One profile can be applied to one or more logical ports; each logical port can be
configured with only one ACL profile. A new ACL profile will overwrite the old
ACL profile.
2 A maximum of 32 profiles can be stored in the database.
3 An ACL Field List can contain up to 10 different Field.
4 An ACL Field List must contain at least one ACL rule.
5 One profile can contain up to 80 rules (more than one rule can be defined for
each Field List).
6 The sequential order of the Field List in the ACL profile determines the field list
priority
7 Each Field List name and number must be unique within the ACL profile.
8 Each Rule name and number must be unique within an individual Field List.
9 Each text file can contain only one profile
10 A name defined for a Profile, Field List or Rule can be a maximum of 32
characters
Specifying ACL Fields An ACL profile can consist of up to 10 Field Lists. ACL fields define the incoming
packet condition to be monitored. When the incoming packet matches this
monitored condition the related rule(s) decide what action is to be taken.
Obviously a defined field condition without a matching rule would be pointless,
therefore each Field List must have at least one defined rule.
Example Field Lists for IP packets and ARP packets are described below.
Syntax for ACL Field Lists

1 For IP packets
field field-number field-name : {EtherII | 802.3} {tag | untag} [smac
range-mask] [dmac range-mask] [vlan range-mask] [priority range-mask] {ip}
[protocol] [dscp range-mask] [sip range-mask] [dip range-mask] [srcPort
range-mask] [dstPort range-mask]
Table 56 ACL Fields related to IP packets
Fields Possible Values Default Value Description

field-number N/A N/A Mandatory: Any integer
field-name N/A N/A Mandatory: User defined name

Table 56 ACL Fields related to IP packets (continued)

{EtherII | 802.3} Ether II or 802.3 N/A Mandatory: Ethernet Frame Type
{tag | untag} Tag or Untag N/A Mandatory:
The packet type: tagged or
untagged
smac range-mask 0x0 0xFFFFFFFFFFFF N/A Optional: IP source MAC range
Increments of 2n; n=47~0
dmac range-mask 0x0 0xFFFFFFFFFFFF N/A Optional: IP destination MAC
Increments of 2n; n=47~0 range
vlan range-mask 0x0000 0x0FFF 0x0FFF Optional: Layer 2 VLAN range
Increments of 2n; n=11~0 mask
Priority range-mask 0x0 0x7 0x7 Optional: Priority Range Mask. If
Increments of 2n; n=2~0 the Priority field is included then
this field must be preceded by the
tag field
{IP} IP N/A Mandatory: Defines packet type as
IP
Protocol Protocol N/A Optional:Defines IP protocol type
DSCP range-mask 0x0000 0x003F 0x003F Optional: DSCP range mask (An
Increments of 2n; n=5~0 IP field must be defined in this field
list)
SIP range-mask 0x0 0xFFFFFFFF 0xFFFFFF00 Optional: IP address range of
Increments of 2n; n=31~0 Source IP
DIP range-mask 0x0 0xFFFFFFFF 0xFFFFFF00 Optional: IP address range of
Increments of 2n; n=31~0 Destination IP
srcPort range-mask 0x0 0xFFFF 0xFFFF Optional: Range mask of
Increments of 2n; n=15~0 TCP/UDP source port
dstPort range-mask 0x0 0xFFFF 0xFFFF Optional: Range mask of
Increments of 2n; n=15~0 TCP/UDP destination port
2 For ARP packets

field field-number field-name : {EtherII | 802.3} {tag | untag} [vlan range-mask]
[priority range-mask] {arp} [sip range-mask] [dip range-mask] [smac
range-mask] [dmac range-mask]
Table 57 ACL Fields related to ARP packets

field-number N/A N/A Mandatory: Any integer
field-name N/A N/A Mandatory: User defined
name
{EtherII | 802.3} Ether II or 802.3 N/A Mandatory: Ethernet Frame
Type
{tag | untag} Tag or Untag N/A Mandatory: The packet type;
tagged or untagged
vlan range-mask 0x0000 0x0FFF 0x0FFF Optional: Layer 2 VLAN range

Table 57 ACL Fields related to ARP packets (continued)

Priority range-mask 0x0 0x7 0x7 Optional: Priority Range
Increments of 2n; n=2~0 Mask. If the Priority field is
used then this field must be
preceded by the tag field
{ ARP} ARP N/A Mandatory: Defines packet
type as ARP
sip range-mask 0x0 0xFFFFFFFF 0xFFFFFF00 Optional: ARP source IP mask
Increments of 2n; n=31~0
dip range-mask 0x0 0xFFFFFFFF 0xFFFFFF00 Optional: ARP destination IP
smac range-mask 0x0 0xFFFFFFFFFFFF N/A Optional: ARP source MAC
Increments of 2n; n=47~0 range
dmac range-mask 0x0 0xFFFFFFFFFFFF N/A Optional: ARP destination
Increments of 2n; n=47~0 MAC range
Syntax explanation
All range-masks are represented in HEX format prefixed with "0x".
MAC address represented in the xx:xx:xx:xx:xx:xx format, where "xx" is in
HEX format.
Mandatory fields
The following mandatory fields are self contained and do not take an associated
rule.
field-number: User defined Field List number
field-name: User defined Field List name
EtherII | 802.3:Ethernet Frame Type
tag | untag: The Packet type, Tagged or Untagged
IP | ARP: Packet type
Optional fields
All optional fields specified in the field list require an associated rule.
Protocol: Keyword only, no parameters
Priority range-mask: If the Priority field is included in the field list, then it
must be preceded by the tag field
DSCP range-mask: If the DSCP field is specified, then the IP field must be
included in the field list.
SrcPort range-mask | DstPort range-mask : SrcPort and DstPort fields are
only valid for TCP and UDP packets
vlan range-mask

sip range-mask
dip range-mask
smac range-mask
dmac range-mask
If the Field's range-mask is defined, the corresponding rule is based on this

mask, otherwise the rule is based on the Field's default range-mask. The
default mask of each field can be found in Table 56 and Table 57.
Field List Example using The following Field List explanations for IP type packets are based on the Field
IP Packets List example below.
field 1 fieldname1: 802.3 tag vlan IP dscp 0x38 sip 0xffffffc0
rule 1 rulename1: vlan 4 dscp 0x30 sip 5.1.1.0 action permit
To calculate the field range the following calculations are performed:

1 Convert the range mask to its binary form.
For example the DSCP range mask of "0x38" equals "111000" binary.
2 Count the number of zeros (0) in the binary range value. (In the previous
example there are three zeros in "111000").
3 Calculate the field range value using the following formula.
Field range = 2n
Where: n is the number of zeros in the binary form of the range-mask value.
Thus 23 equals eight, so the DSCP will have a range of 8.
VLAN Field
When the range mask is omitted from the VLAN field specification, then the
default VLAN MASK 0x0FFF(1111,1111,1111binary) will be used when
comparing the packet VLAN ID with the field list rule.
The VLAN ID range is equal to 20 indicating a range of 1, meaning that only an

exact match will satisfy the rule.
In the following example only a packet with a VLAN ID of 4 will be forwarded.
Field 1 fieldname1: 802.3 tag vlan IP
Rule 1 rulename1: vlan 4 action permit
DSCP Field
In this DSCP example a non-default range is used, "DSCP 0x38". This
indicates that the DSCP range-mask is 0x38.
The hex format range mask, "0x38" is equal to binary 111000.

Using the number of zeros in "111000" (three), the DSCP range is calculated as
23 or 8. This means that any incoming packet's DSCP value, within a range of
eight starting from the value specified in the associated Field List Rule, will
match the rule.
The range of possible Rule List values is the same as for the Field List. For
DSCP this is 0x0-0x3F. The valid Rule List values start at 0x00 and go up to
0x3F, in increments equal to the Range Mask defined in the related Field List, in
this example 0x38, which equals eight. So, valid DSCP Rule List values with a
Range Mask of 0x38 are 0, 8, 16, ... 48, 56.
In the following example packets with DSCP values from 0x30 (48) to 0x37 (55),
will be forwarded.
field 1 fieldname1: 802.3 tag vlan IP dscp 0x38
rule 1 rulename1: vlan 4 dscp 0x30 action permit
According to the DSCP range-mask defined in the Field List (0x38), valid DSCP
Rule values are listed in Table 58.
When the ACL profile is imported, the system will validate the rules. Only valid
rules will be accepted.
Table 58 Valid DSCP Rule values based on a DSCP mask of 0x38
Binary Range of matching DSCP

Valid DSCP Rule Values Equivalent values
DEC Hex Bin Dec
0 0x0 000000 0~7
8 0x8 001000 8~15
16 0x10 010000 16-23
24 0x18 011000 24~31
32 0x20 100000 32~39
40 0x28 101000 40~47
48 0x30 110000 48~55
56 0x38 111000 56~63
Sip Field
In this example the SIP range mask is "sip 0xFFFFFFC0" which is equal to
binary 1111,1111,1111,1111,1111,1111,1100,0000. Using the number of zeros in
this binary number (six), the SIP range is calculated as 26 or 64. This means
that the packet's source IP address must be within a range of 64, starting from
the SIP address specified in the associated Field List Rule, to satisfy the rule.

The range of possible Rule List values is the same as for the Field List
(0x0-0xFFFFFFFF) with the exception of "0x0", which is not a valid SIP rule
value. The valid SIP rule values must be a multiple of the range value specified
in the associated Field List.
In the following example packets with a SIP address between 5.1.1.0 and
5.1.1.63 inclusive, will be forwarded.
field 1 fieldname1: 802.3 tag IP sip 0xffffffc0
rule 1 rulename1: sip 5.1.1.0 action permit
According to the SIP range-mask defined in the Field List (0xFFFFFFC0), valid
SIP rule values are listed in Table 59.
Table 59 Valid SIP Rule values based on a SIP mask
Valid SIP Rule Values Range of matching SIP values

X.Y.Z.0 X.Y.Z.0 ~ X.Y.Z.63
X.Y.Z.64 X.Y.Z.64 ~ X.Y.Z.127
X.Y.Z.128 X.Y.Z.128 ~ X.Y.Z.191
X.Y.Z.192 X.Y.Z.192 ~ X.Y.Z.255
The rules for specifying DIP fields and rules are the same as those for SIP fields
and rules.
Field List Example using The following Field List will be used as an example to describe Fields related to
ARP Packets ARP type packets.
field 20 f1: EtherII tag vlan 0xFF0 ARP smac FF:FF:FF:FF:FF:FF

dmac FF:FF:FF:FF:FF:00
In this example, some fields such as priority, sip, dip are the same as in the
section above and will not be described again. Other fields such as VLAN,
smac, dmac will be described below.
VLAN Field
"VLAN 0xFF0" in the example indicates a VLAN range-mask of 0xFF0.
0xFF0 is equal to binary 1111,1111,0000. Using the number of zeros in

"1111,1111,0000" (four), the VLAN range is calculated as 24 or 16.
This means that any packets with a VLAN ID within a range of 16 starting from
the value specified in the associated Field List Rule, will satisfy the rule.

The range of possible VLAN Rule List values is the same as for the related Field
List (0x000-0xFFF), with the exception of 0x000. The range of valid VLAN Rule
values is from 0x001 to 0xFFF, in increments equal to the Range Mask defined
in the related VLAN Field, in this example 0xFF0, which equals 16. So, valid
VLAN Rule values with a Range Mask of 0xFF0 are 0, 16, 32, ... 4064, 4080.
In the following example, packets with a VLAN ID between 4064 and 4095
inclusive, will be forwarded.
field 20 f1: EtherII tag vlan 0xFF0 ARP
rule 1 rule1: vlan 4064 action permit
According to the VLAN range-mask defined in the Field List (0xFF0), valid VLAN
Rule values are listed inTable 60.
Table 60 Valid VLAN rule values based on a VLAN mask
Binary
Valid VLAN ID Rule Values Equivalent Range of Matching VLAN Values
DEC Hex Bin Dec
0 0x0 0000,0000,0000 0~15
16 0x10 0000,0001,0000 16~31
... ... ...
4064 0xFE0 1111,1110,0000 4064~4079
4080 0xFF0 1111,1111,0000 4080~4095
SMAC Field
In this example, the SMAC Field range mask is "FF:FF:FF:FF:FF:FF". Since
there are no zeros in the binary format of this value, the SMAC range is equal to
20 or 1. This means that only the SMAC defined in the associated Rule will be
matched.
The range of possible SMAC Rule values is the same as for the SMAC Field (00
- FF:FF:FF:FF:FF:FF), with the exception of 00. Valid SMAC Rule values must
be a multiple of the range specified in the SMAC Field range-mask. In this
example the SMAC range is equal to one(1), so any value up to
FF:FF:FF:FF:FF:FF is valid.
DMAC Field
In this example, the DMAC Field range mask is " FF:FF:FF:FF:FF:00". The
binary form of this value has eight zeros, so the DMAC range is equal to 28 or

256. This means that any packet's DMAC value, within a range of 256 from the
value specified in the associated Field List Rule, will satisfy the rule.
The range of possible DMAC Rule values is 00 - FF:FF:FF:FF:FF:FF, with the

exception of 00. Valid DMAC Rule values must be a multiple of the DMAC range
value specified in the DMAC Field range-mask.
In the following example, only packets with a source MAC of

4A:5B:6C:7D:8E:9F and a destination MAC in the range of 1F:2E:3D:4C:5B:00
to 1F:2E:3D:4C:5B:FF will be forwarded.
field 20 f1: EtherII tag ARP smac FF:FF:FF:FF:FF:FF dmac

FF:FF:FF:FF:FF:00
rule 1 rule1: smac 4A:5B:6C:7D:8E:9F dmac 1F:2E:3D:4C:5B:00

action permit
According to the DMAC range-mask defined in the Field List, valid DMAC Rule
values are listed in Table 61.
Table 61 Valid DMAC Rule values based on a DMAC range mask
Valid Dmac Rule Values (Hex) Range of matching Dmac values

FF:FF:FF:FF:FF:00 FF:FF:FF:FF:FF:00- FF:FF:FF:FF:FF:FF
FF:FF:FF:FF:FE:00 FF:FF:FF:FF:FE:00- FF:FF:FF:FF:FE:FF
...
00:00:00:00:01:00 00:00:00:00:01:00-00:00:00:00:01:FF
00:00:00:00:00:00 00:00:00:00:00:00-00:00:00:00:00:FF
Specifying ACL Rules An ACL profile can contain up to 80 rules. Rules defined for a Field List must be
related to the Fields defined in the Field List.
Syntax for ACL rules

1 For IP Packets
rule rule-number rule-name: [vlan vlan-value] [smac sourceMAC] [dmac
destinationMAC] [priority prio-value] [dscp dscp-value] [protocol
protocol-value] [sip IP-address] [dip IP-address] [srcPort port-value] [dstPort
port-value] action {permit | deny | remark_dscp new_dscp dscpvalue |
remark_prio new_priority priovalue| rate_limit bandwidth limitvalue}

Table 62 ACL Rules related to IP packets
Fields Possible Values Description

rule N/A Mandatory: Keyword starting the rule list
rule-number N/A Mandatory: Any integer
rule-name N/A Mandatory: User defined name
[vlan vlan-value] 0-4095 Optional: Layer 2 VLAN ID
[priority prio-value] 0-7 Optional: Priority value
smac sourceMAC 0:0:0:0:0:0-FF:FF:FF:FF:FF:FF Optional: Source MAC Value
dmac destinationMAC 0:0:0:0:0:0-FF:FF:FF:FF:FF:FF Optional: Destination MAC Value
[protocol protocol-value] Integer between 1and 255 or TCP(6), Optional: Defines IP Protocol type.
UDP(17) When defining TCP or UDP in the Rule List, either
the number or name can be used
[sip IP-address] 0.0.0.0-255.255.255.255 Optional: Source IP value
[dip IP-address] 0.0.0.0-255.255.255.255 Optional: Destination IP value
[srcPort port-value] 0-65535 Optional: TCP/UDP source port value
[dstPort port-value] 0-65535 Optional: TCP/UDP destination port value
action N/A Mandatory: Keyword for the rule list, followed by an
action type (see table below).
The valid rule values in the table above, must be equal to a multiple of the range
defined in the related Field's range-mask. (Example: For a DSCP with a range
of 8, valid rule values can be 0, 8, 16, 24 ...)
Table 63 ACL Rules Actions
Action Options Possible Values Description

permit N/A Forward the packets
deny N/A Drop the packets
remark_dscp new_dscp dscpvalue 0-63 Reset the DSCP value
remark_prio new_priority priovalue 0-7 Reset the Priority value
rate_limit bandwidth limitvalue [burst-size burst-size] 1-1000. Set the rate limit to limitvalue
burst-size is an optional parameter. Default
value is 512Kbytes.
2 For ARP packets

rule rule-number rule-name: [vlan vlan-value] [priority prio-value] [sip
IP-address] [dip IP-address] [smac sourceMAC] [dmac destinationMAC]
action {permit | deny | remark_prio new_priority priovalue| rate_limit
bandwidth limitvalue}

Table 64 ACL Rules related to ARP packets
Fields Possible Values Description

rule N/A Mandatory: Keyword starting the rule list
rule-number N/A Mandatory: Any integer
rule-name N/A Mandatory: User defined name
vlan vlan-value 0-4095 Optional: Layer 2 VLAN ID
priority prio-value 0-7 Optional: Priority value
sip IP-address 0.0.0.0-255.255.255.255 Optional: Source IP address
dip IP-address 0.0.0.0-255.255.255.255 Optional: Destination IP address
smac sourceMAC 0:0:0:0:0:0-FF:FF:FF:FF:FF:FF Optional: Source MAC Value
dmac destinationMAC 0:0:0:0:0:0-FF:FF:FF:FF:FF:FF Optional: Destination MAC Value
action N/A Mandatory: Keyword following the rule which
precedes the action specified.
Syntax explanation
All rules must begin with the rule keyword
The user defined rule-number and rule-name are both mandatory and must
be unique within an individual Field List.
The etherII, 802.3, tag, untag, ip and arp fields do not require a rule, but
all other fields must have a related rule.
Protocol rules take effect only if the Protocol keyword is specified in the
related field list.
All parameter values configured in the rule list can use either Decimal or HEX
numbers
The following rules all require an associated parameter
SIP IP-address
DIP IP-address
SrcPort port-value
DstPort port-value
VLAN vlan-value
Priority prio-value
SMAC sourceMAC
DMAC destinationMAC
The previous rules requiring associated parameters, are all dependant on the
related Field's range mask. Using sip IP address for example: If a range
mask of "0xFFFFFFFF" was specified, then only one IP address will match,
i.e., the IP address specified in the rule. Otherwise, a range of IP addresses
will match the rule depending on the range-mask defined.

The SrcPort and DstPort rules are only valid for TCP or UDP protocols.
When the rule's action is defined as remark_dscp, remark_prio, or
rate_limit, then the DCSP, Priority or Bandwidth value can be reset to a new
value, using the corresponding new_dscp <0-63> | new_priority <0-7> |
bandwidth <1-1000> [burst-size <4|8|16|32|64|128|256|512>]
The new bandwidth defined above is in Mbps and Priority refers to the CoS
value.
ARP Packets Rule List Example

field 1 fieldname1: EtherII tag vlan priority ARP
rule 1 rulename1:vlan 4 priority 3 action deny
By applying the previous ACL field list, packets matching all of the following
conditions will be dropped (deny):
The packets are EtherII type
They are tagged packets
The VLAN tag contained in the packet is 4
The COS value of the packet is 3
The packets are ARP type
IP Packets Rule List Example

field 2 fieldname2: EtherII tag vlan priority IP protocol dscp
0x3F sip 0xffffff00 dip 0xffffff00 srcPort 0xffff
rule 2 rulename2: vlan 6 priority 4 dscp 4 protocol TCP sip

172.16.1.0 dip 200.10.5.0 srcport 10 action permit
Packets matching all of the following conditions will be permitted:

The packet is EtherII type
The VLAN tag contained in the packet is 6.
The COS value of the packet is 4.
The packet is IP type
The packet protocol type is TCP.
The packet DSCP value is 4.
The source IP address is in the 172.16.1.0/24 network segment.
The destination IP address is in the 200.10.5.0/24 network segment.
The source port is 10.
field 3 fieldname3: EtherII tag vlan IP protocol sip

0xffffff00 dip 0xffffff00

rule 3 rulename3: vlan 5 protocol TCP sip 172.16.4.0 dip

200.10.7.0 action remark_dscp new_dscp 52
Packets matching all of the following conditions will have their DSCP value reset
to 52:
The packet is EtherII type
The VLAN tag contained in the packet is 5
The packet is an IP type
The packet protocol type is TCP
The source IP address is in the 172.16.4.0/24 network segment
The destination IP address is in the 200.10.7.0/24 network segment
Specifying Actions Actions Defined in the Rules

One of the following actions will be performed when the packet matches all the
defined fields:
1 Permit
2 Deny
3 Remark_dscp(Reset DSCP value)
4 Remark_prio(Reset Priority value)
5 Rate_limit(Perform rate limit for the specified stream)
Actions Remark_dscp and Remark_prio, can be configured only in Forwarding
Mode.
Pre-configured Default Action in Forwarding Mode

In order to prevent a virus or hacker from attacking BBS 1000+ via L2 ports, the
acl-default-action pre-configuration command can be issued on GE or Link
Aggregation ports from the CLI Configuration command mode. Afterwards the
port drops the following types of packets:
All packets encapsulated in 802.2/802.3 format
RARP packets encapsulated in Ethernet format
All TCP or UDP packets (encapsulated in etherII format and not fragmented)
with destination port 137, 138, 169,445 and only UDPpackets with
destination port of 68.
These ports can be used by a virus or hacker to attack the system. When a
non-fragmented packet has a frame flag value of "0" it is assumed to be a virus,
and the packet is dropped.
After issuing the acl-default-action pre-configuration command, the old ACL

profile applied to the GE/Link Aggregation port will be replaced.

To disable the ACL default action use the No form of the command, i.e., no
acl-default-action pre-configuration.
Example:
1 Enable the pre-configuration default action on GE3/1 port.

telnet@BBS1000+(config-t-if-ge-3/1)# acl-default-action
pre-configuration

telnet@BBS1000+(config-t-if-ge-3/1)# show configure running

interface giga-ethernet 3/1
description "GE-9"
no shutdown
acl-default-action pre-configuration
exit
IPMC Filtering Action in Forwarding Mode

In order to control multicast and broadcast traffic, BBS 1000+ provides IPMC (IP
Multicast) filtering. Using the ip multicast filter command, the filter can be
applied to GE or Link Aggregation ports.
Ports with IP multicast filtering enabled perform the following actions on

incoming packets:
Multicast traffic
Multicast packets, those with a destination MAC address prefix of
01:00:5e:xx:xx:xx, with ICMP/TCP/UDP protocols are dropped.
Broadcast traffic
Ethernet Packets with a destination MAC of FF:FF:FF:FF:FF:FF are dropped
if IPMC filtering is enabled unless the packets are IP or ARP.
When IP multicast filtering is enabled on a port, the additional rule is applied to

the port, but the original ACL profile is not overwritten.
To disable IPMC filtering use the "No" form of the command, i.e., no ip
multicast filter.
Example:
1 Enable IPMC filtering on the GE3/1 interface of the BBS 1000+ system.
telnet@BBS1000+(config-t-if-ge-3/1)# ip multicast filter
2 Check the GE3/1 interface configuration.

telnet@BBS1000+(config-t-if-ge-3/1)# show configure running

description "GE-9"
no switchport
ip address 3.2.2.2 255.255.255.0
no shutdown
ip multicast filter
exit
IPMC Filtering is always used on downlink GE ports to block packets from ONUs
with specific formats.
ACL Profile Configuring This section describes how to create an ACL profile. The main steps involved,
Example are shown below:
1 Determine the application's specific ACL profile requirements.
2 Define the ACL Rules (to implement the previous requirements).
3 Create the ACL Profile.
Determine the Application's Specific ACL Profile Requirements

The topology shown in Figure 124 will be used in this example.
Figure 124 Configure Topology Example
In this example an ACL needs to be created that will perform the following
functions:
Only allow telnet connections with BBS 1000+ from IP address
192.168.103.37
Allow in-band management of BBS 1000+ via uplink port GE3/1
GE3/1 is configured as an SVI with an IP address of 40.0.0.10 and the
management VLAN ID is 400, so only allow packets tagged with a VLAN
ID of 400
Only allow packets with a destination port number of 23 (telnet)

Access Mode ACL Configuration Example 359
Define the ACL Rules

The ACL used in this example is used to control access to BBS 1000+. It will be
applied on the BBS 1000+ Management (CPU) interface. The default action for
the ACL is "deny". The access ACL rules are always tagged.
If the packets match the following conditions, then they will be permitted.
Packets are EtherII type
Packets are IP type.
Protocol type of the packets is TCP
VLAN ID of the packets is 400.
Source IP address of the packets is 192.168.103.37/24.
Telnet packet destination port is 23.
Create the ACL Profile

Using a text editor, create the following ACL profile and save it as "x.txt".
Profile start Telnetprofile
field 1 telnetapp: EtherII tag vlan 0xfff IP protocol sip

0xffffffff dstPort 0xffff
rule 1 permituser: vlan 400 protocol tcp sip 192.168.103.37

dstPort 23 action permit
profile end
After the ACL profile is defined, it should be uploaded to the BBS 1000+ system
and applied on the CPU interface from the Configure Management command
mode.
In the current version, management ACL only supports src/des IP, src/des port,
and protocol type.
Access Mode ACL Application Description

Configuration In the following example, one port on the Cisco 3750 switch is denied access to
Example the BBS 1000+ system.

Example Topology
Figure 125 ACL Topology Example
In the topology example in Figure 125, BBS 1000+ is connected to the L3

Switch (Cisco 3750) via BBS 1000+ uplink port GE3/1. An FTP server is
connected to the BBS 1000+ out-band Management port.
In this example an ACL will be defined to deny a specific Cisco switch interface
(IP address 5.1.1.2/24 on port g1/0/25) access to BBS 1000+'s GE3/1 port.
Configuration Tasks The tasks involved in configuring an ACL are given below, using the topology
Using ACL Profile example in Figure 125.
1 Configure a Routed Interface on the Cisco switch

2 Create the ACL file
3 Download the ACL file from FTP Server to BBS 1000+
4 Import the ACL file into the ACL Profile
5 Apply ACL Profile to BBS 1000+ Management Interface(CPU)
6 Confirm that the Cisco switch is denied access
7 Disable the ACL profile on BBS 1000+ system
8 Confirm that the ACL profile is disabled
Configure a Routed Interface on the Cisco switch

Create a Routed Interface on port g1/0/25 of the Cisco 3750 and assign its IP
address as 5.1.1.2/24.
1 Login to the Cisco switch and enter the Configure Terminal command mode.
c:\> telnet 192.168.103.219
3750>

3750>enable
Password:******
Enter configuration commands, one per line. End with CTRL+Z.
2 Create a Routed Interface on the Cisco switch.

3 Assign an IP address to the Routed Interface and start it.

3750(config)#exit
3750#
4 Save the new configuration.

3750#write
[OK]
3750#

Create a Routed Interface on BBS 1000+ port GE3/1 and assign its IP address
as 5.1.1.1/24.
c:\> telnet 192.168.103.227
Login: admin
Password:*****
telnet@BBS1000+>
telnet@BBS1000+>configure terminal


3 Assign an IP address to BBS 1000+ GE3/1 and start it.

255.255.255.0
4 Display the configuration information for the BBS 1000+ GE3/1 port.
giga-ethernet 3/1

MTU 1500 bytes
Create the ACL file

1 Create an ACL profile using a text editor.
The contents of the ACL file named access.txt is shown below:
Profile start SPECIFIC_BBS_Downlink:

field 101 QaField1: EtherII tag ip sip 0xffffffff dip
0xffffffff
rule 1 QaRuleDeny: sip 5.1.1.2 dip 5.1.1.1 action deny
field 102 QaField2: 802.3 tag ip dip 0xff000000

rule 1 QaRulePermit: dip 5.0.0.0 action permit
profile end
2 Copy the ACL file to the FTP server's default directory.

Download the ACL file from FTP Server to BBS 1000+
telnet@BBS1000+(config)#
telnet@BBS1000+(config)# configure management
2 Copy the ACL file (access.txt) to BBS 1000+'s "flash:/" directory.

telnet@BBS1000+(config-mgmt)# ftp 192.168.103.100 get gepon
geponbbs flash:/access.txt access.txt
..
Write to Flash, Please wait ...

In this example "gepon" and "geponbbs" are the FTP server user name and
password respectively.
3 Verify that the file copied successfully.

telnet@BBS1000+(config-mgmt)# file-system list flash:
size date time name
-------------------------------------------------
1024 JUL-27-2020 00:35:40 <DIR> onuImage
3546308 JUL-27-2020 05:01:32 BBS1000plus.stz
28 JAN-01-1980 00:00:02 sysInfo
325 JUL-27-2020 00:46:28 access.txt
4 Exit the Configure Management command mode.

telnet@BBS1000+(config-mgmt)# exit
telnet@BBS1000+#
Import the ACL file into the ACL Profile

Next, the ACL file saved in the BBS 1000+ flash memory must be imported into
the ACL profile. All ACL profiles are saved in the BBS 1000+ database. Up to 32
profiles can be stored in the database. Each imported profile is identified by its
profile ID. The possible profile values are 1 to 32. When one profile(i.e., profile
1) already exists in the database and a new ACL file is imported to database
with the same profile ID(i.e.,profile 1), then the old profile is overwritten by the
new one.
1 Display the BBS 1000+ ACL profile
telnet@BBS1000+# show database-acl-record
No profile exists in the database.
2 Import the ACL file (access.txt) to Profile 1 from the Configure Terminal
command mode.
In the following example, it is assumed that a previous "Profile 1" does not exist
in the BBS 1000+ database.
telnet@BBS1000+(config-t)# import flash:/access.txt to

profile 1
There are 1 profile_start, 1 profile_end, 2 field, 2 rule.
Passed syntax check! now importing...
...Done!
3 Check the ACL database information.

telnet@BBS1000+(config-mgmt)# show database-acl-record
Profile start 1 SPECIFIC_BBS_Downlink:

Field 101 QaFiled1: tag EtherII IP sip 0xffffffff dip
0xffffffff
rule 1 10_1_2_0_deny: sip 5.1.1.2 dip 5.1.1.1 action
DENY
Field 102 QaFiled1: tag 802.3 IP dip 0xff000000
rule 1 10_1_2_0_deny: dip 5.0.0.0 action PERMIT
Profile End
Apply ACL Profile to BBS 1000+ Management Interface(CPU)

2 Apply Profile 1 to the BBS 1000+ system.

telnet@BBS1000+(config-mgmt)# apply-mgmt-acl-profile 1
3 Verify that ACL profile (1) was successfully applied to the port.
BBS1000+(config-t-if-ge-1/2)# show acl-applied-interface
Interface ProfileID FieldID RuleID

-----------------------------------------------------------
CPU 1 1 1
Field 101 QaFiled1: tag EtherII IP sip 0xffffffff dip
0xffffffff
rule 1 10_1_2_0_deny: sip 5.1.1.2 dip 5.1.1.1 action
DENY
CPU 1 2 2
Field 102 QaFiled1: tag 802.3 IP dip 0xff000000
rule 1 10_1_2_0_deny: dip 5.0.0.0 action PERMIT
Confirm that the Cisco switch is denied access

If the configuration is correct then the following Ping command should fail.
3750# ping 5.1.1.1
Type escape sequence to abort.

seconds:
.....

Disable the ACL profile on BBS 1000+ system

telnet@BBS1000+(config-mgmt)# no apply-mgmt-acl-profile
telnet@BBS1000+(config-mgmt)# show acl-applied-interface
After disabling the ACL profile, the profile is not applied on the BBS 1000's CPU
interface..
Confirm that the ACL profile is disabled

If the ACL profile was successfully disabled then the following Ping command
should be successful.
3750#ping 5.1.1.1
Type escape sequence to abort.

seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max =

1/2/9 ms
Delete the ACL profile saved in the BBS 1000+ database

If the ACL profile will not be used in the BBS 1000+ system, use the following
command to clear this ACL profile 1 saved in the database.
telnet@BBS1000+(config-t)# clear-database-acl 1
telnet@BBS1000+(config-t)# show database-acl-record
Configuration Tasks The tasks involved in configuring an ACL are given below, using the topology
Using ACL CLI example in Figure 125.

2 Define ACL using ACL CLI Commands Command
3 Apply ACL to BBS 1000+ Management Interface(CPU)
4 Confirm that the Cisco switch is denied access
5 Disable the ACL profile on BBS 1000+ system
6 Confirm that the ACL profile is disabled
7 Delete the ACL List saved in the BBS 1000+ database

The tasks 1,2,5,6,7 are the same as the configuration tasks described in the
above section, so only the task 3,4,8 are listed below.
Define ACL using ACL CLI Commands

1 Define an ACL Access List.
telnet@BBS1000+(config-t)# access-list ip extended
BBS_Downlink
2 Configure ACL rule lists for BBS_Downlink.

telnet@BBS1000+(config-ext-nacl)# permit etherii-tag-ip p ip
sip any dip 5.0.0.0/255.255.255.0
BBS_Downlink record NO. 1 Passed syntax check! now

importing...
...Done!
telnet@BBS1000+(config-ext-nacl)# deny etherii-tag-ip

protocol ip sip host/5.1.1.2 dip host/5.1.1.1
BBS_Downlink record NO. 2 Passed syntax check! now

importing...
...Done!
telnet@BBS1000+(config-ext-nacl)#
3 Check the ACL list file.

telnet@BBS1000+(config-ext-nacl)# exit
telnet@BBS1000+(config-t)# show access-lists
---ACL access list BBS_Downlink ---

permit etherii-tag-ip protocol IP sip any dip
5.0.0.0/255.255.255.0
deny etherii-tag-ip protocol IP sip host/5.1.1.2 dip
host/5.1.1.1
4 Check the ACL saved in the database.

IP EXTENDED File Name BBS_Downlink:

Field 1 tag EtherII IP protocol sip 0x0 dip
0xffffff00
rule 1 protocol IP dip 5.0.0.0 action PERMIT
Field 2 tag EtherII IP protocol sip 0xffffffff dip
0xffffffff
rule 2 protocol IP sip 5.1.1.2 dip 5.1.1.1 action
DENY
Apply ACL to BBS 1000+ Management Interface(CPU)

1 Enter Configure Management Command Mode.
Forwarding Mode ACL Configuration Example 367
2 Apply the ACL to the BBS 1000+ system.

telnet@BBS1000+(config-mgmt)# apply-mgmt-access-list
BBS_Downlink
3 Verify that ACL BBS_Downlink was successfully applied to the port.

telnet@BBS1000+(config-mgmt)# show acl-applied-interface

-----------------------------------------------------------
cpu 1 1 1
Profile start 1 BBS_Downlink
0xffffff00
rule 1 dip 5.0.0.0 action PERMIT
cpu 1 2 2
Profile start 1 BBS_Downlink
Field 2 tag EtherII IP protocol sip 0xffffffff dip
0xffffffff
rule 2 sip 5.1.1.2 dip 5.1.1.1 action DENY
After apply the ACL file to the CPU interface, the ACL rule is saved in the
database as ACL profile.
Delete the ACL List saved in the BBS 1000+ database

If the ACL List file will not used in the BBS 1000+ system, use the following
command to clear this ACL List saved in the database.
telnet@BBS1000+(config-t)# clear-database-acl SBB_Downlink
Forwarding Mode ACL Application Description

Configuration In the following example a PC connected to an ONU is denied access to the
Example Cisco 3750 switch via the BBS 1000+ system.

Example Topology
Figure 126 Configure ACL for Forwarding packets
In Figure 126, BBS 1000+ connects to port g1/0/25 of Cisco 3750 via uplink port
GE3/1. A FTP server is connected to the BBS 1000+'s out-band Management
port. Downlink port GE1/1 is a member of Super VLAN 500. The VLAN of
ONU1 is a member-VLAN of Super VLAN 500. Super SVI 500's IP address is
4.1.1.1/24. PC1 connects to BBS 1000+ through ONU1.
Define an ACL profile on BBS 1000+ to deny PC1's visit to Cisco 3750.
Configuration Tasks The tasks involved in configuring ACL for forwarding packets are described
Using ACL Profile below, using the topology example in Figure 126.

2 Create Super SVI 500
3 Add host route
4 Configure ACL file
5 Download the ACL file to the BBS 1000+'s flash:/ directory
6 Import the ACL file into the ACL Profile
7 Apply the ACL Profile to the GE port
8 Perform a ping test from the PC
9 Disable ACL profile on the BBS 1000+ GE port

Configure a Routed Interface on the Cisco switch

Create port g1/0/25 as a Routed Interface and set its IP address as 5.1.1.2/24
1 Login to the Cisco switch and enter the Configure Terminal command mode.
c:\> telnet 192.168.103.219
3750>
3750>enable
Password:******
Enter configuration commands, one per line. End with CTRL+Z.
2 Create a Routed Interface on the Cisco switch.

3 Assign an IP address to the Routed Interface and start it.

3750(config)#exit
3750#
4 Save the new configuration.

3750#write
[OK]
3750#

Configure BBS 1000+ port GE3/1 as a Routed Interface, and set its IP address
as 5.1.1.1/24
c:\> telnet 192.168.103.227
Login: admin
Password:*****
telnet@BBS1000+>
telnet@BBS1000+>configure terminal

3 Assign an IP address to BBS 1000+ GE3/1 and start it.

255.255.255.0
4 Display the configuration information for the BBS 1000+ GE3/1 port.
giga-ethernet 3/1

MTU 1500 bytes
Create Super SVI 500

1 Create a VLAN with an ID of 500.
2 Assign GE1/1 as a tagged member of VLAN 500

3 Configure VLAN 500 as a SVI.

4 Configure VLAN 500 as a Super SVI.

5 Add VLAN 101 as a member of the Super SVI

telnet@BBS1000+(config-t-if-vlan-500)# member 101
6 Assign the Super SVI an IP address of 4.1.1.1/24.

255.255.255.0
7 Activate the Super SVI.

8 Display the Super VLAN properties

Super Vlan id: 500
Member: 101
Add host route

Add the host route by issuing the following command, where:
4.1.1.100 is the PC1's IP address
Vlan 500 indicates the SVI
Sub-vlan 101 indicates the sub-VLAN of the SVI (The ONU's VLAN)
Member ge1/1 is the physical GE port of the SVI

Configure ACL file

1 Create an ACL profile text file named "access.txt".
The contents of access.txt are shown below:
Profile start SPECIFIC_BBS_Uplink:

field 101 QaField1: EtherII tag ip dip 0xffffffff
rule 1 IPaddressDeny: dip 5.1.1.2 action deny
profile end
2 Copy the ACL file to the FTP Server's default directory.

Download the ACL file to the BBS 1000+'s flash:/ directory
telnet@BBS1000+(config)#
2 Download the ACL profile named "access.txt" to the BBS 1000+'s flash:/
directory. (In this example "gepon" and "geponbbs" are the FTP user name and
password respectively.
telnet@BBS1000+(config-mgmt)# ftp 192.168.103.100 get gepon
geponbbs flash:/access.txt access.txt
..

3 Verify that the ACL profile downloaded successfully to the BBS 1000+'s flash:/
directory.
size date time name
-------------------------------------------------
1024 JUL-27-2020 00:35:40 <DIR> onuImage
3546308 JUL-27-2020 05:01:32 BBS1000plus.stz
28 JAN-01-1980 00:00:02 sysInfo
225 JUL-27-2020 00:46:28 access.txt
4 Exit the Configuration Management command mode.

telnet@BBS1000+(config-mgmt)# exit
telnet@BBS1000+#
Import the ACL file into the ACL Profile

1 Display the BBS 1000+'s ACL profile.
telnet@BBS1000+# show database-acl-record
No profile exists in the database.
2 From the Configure Terminal command mode, import the file "access.txt" to the
BBS 1000+ ACL Profile.
In the following example, it is assumed that a previous "Profile 2" does not
already exist in the BBS 1000+ database.
telnet@BBS1000+(config-t)# import flash:/access.txt to

profile 2
There are 1 profile_start, 1 profile_end, 1 field, 1 rule.
Passed syntax check! now importing...
...Done!
3 Check the ACL database information.


Profile start 1 SPECIFIC_BBS_Uplink:
field 101 QaField1: EtherII tag ip dip 0xffffffff
rule 1 IPaddressDeny: dip 5.1.1.2 action deny
profile end
Apply the ACL Profile to the GE port

1 Apply the profile to the BBS 1000+ GE1/1 port.
telnet@BBS1000+(config-t-if-ge-1/1)# apply-acl-profile 2
2 Verify that the ACL profile (2) was successfully applied to the port.
-----------------------------------------------------------
ge1/1 2 1 1
Perform a ping test from the PC

If the configuration is correct, the PC will not be able to ping the Cisco switch's
g1/0/25 port with an IP address of 5.1.1.2.
C:\>ping 5.1.1.2

Request timed out.
Disable ACL profile on the BBS 1000+ GE port

telnet@BBS1000+(config-t-if-ge-1/1)# no apply-acl-profile
-----------------------------------------------------------
Perform a ping test

If the profile was successfully disabled, then the PC will be able to ping the
Cisco switch g1/0/25 port with an IP address of 5.1.1.2.
C:\>ping 5.1.1.2



Delete the ACL Profile saved in the BBS 1000+ database

If the ACL profile will not used in the BBS 1000+ system, use the following
command to clear this ACL profile 2 saved in the database.
telnet@BBS1000+(config-t-if-ge-1/1)#exit
telnet@BBS1000+(config-t)# clear-database-acl 2
Configuration Tasks The tasks involved in configuring ACL for forwarding packets are described
Using ACL CLI below, using the topology example in Figure 126.

2 Create Super SVI 500
3 Add host route
4 Define ACL using ACL CLI Commands
5 Apply ACL to the GE port
7 Disable ACL profile on the BBS 1000+ GE port
9 Delete the ACL List saved in the BBS 1000+ database
The tasks 1,2,3,4,7,8,9 are the same as the configuration tasks described in the
above section, so only the tasks 5,6,10 are listed below.
Define ACL using ACL CLI Commands

1 Define an ACL Access List.
telnet@BBS1000+(config-t)# access-list ip extended BBS_Uplink
2 Configure ACL rule lists for BBS_Uplink.

telnet@BBS1000+(config-ext-nacl)# deny etherii-tag-ip
protocol ip sip any dip host/5.1.1.2

BBS_Uplink record NO. 1 Passed syntax check! now

importing...
...Done!
3 Check the ACL list file.

telnet@BBS1000+(config-ext-nacl)# show access-lists
---ACL access list BBS_Uplink ---
deny etherii-tag-ip protocol IP sip any dip host/5.1.1.2
4 Check the ACL saved in the databse.

telnet@BBS1000+(config-ext-nacl)# show database-acl-record
IP EXTENDED File Name BBS_Uplink:

0xffffffff
rule 1 protocol IP dip 5.1.1.2 action DENY
Apply ACL to the GE port

1 Apply the profile to the BBS 1000+ GE1/1 port.
telnet@BBS1000+(config-ext-nacl)#exit
telnet@BBS1000+(config-t-if-ge-1/1)# apply-access-list
BBS_Uplink
apply acl name BBS_Uplink to interface [L2#1], Done!
2 Verify that the ACL list was successfully applied to the port.
telnet@BBS1000+(config-t-if-ge-1/1)# show
acl-applied-interface

-----------------------------------------------------------
ge1/1 1 1 1
Profile start 1 BBS_Uplink
0xffffffff
rule 1 dip 5.1.1.2 action DENY
Delete the ACL List saved in the BBS 1000+ database

If the ACL List file will not used in the BBS 1000+ system, use the following
command to clear this ACL List saved in the database.

telnet@BBS1000+(config-t)# clear-database-acl BBS_Uplink

CONFIGURING QOS
15
BBS 1000+ QoS This chapter describes how to configure Quality of Service (QoS) in BBS 1000+
Overview to select specific network traffic, prioritize it according to its relative importance.
Implementing QoS in BBS 1000+ to avoid bottlenecks congestion makes
network performance more predictable and bandwidth utilization more effective.
In a typical BBS 1000+ network as depicted in Traffic Bottlenecks, there are two
bottlenecks for the upstream traffic. One is at the 2 Gigabit uplink interface,
because if fully populated there are 8 Gigabit traffic go to uplink. The other is on
each OLT port. Because each OLT interface can connect up to 32 ONUs, on
average each ONU's traffic should be limited to 31.25Mbps. For downstream
traffic, the bottleneck is at the OLT interface, for a specific ONU, the traffic
should be limited to the bandwidth allocated to it, the default max bandwidth for
specific ONU is 100M.
Figure 127 Traffic Bottlenecks

378 Chapter 15: Configuring QoS
To implement QoS, the switch must be able to distinguish different packets. This
is so called classification. The classification can be carried in Layer 2 frame or
Layer 3 IP packet header.
The Layer 2 frame that carries QoS classifications are 802.1Q frames with
802.1p class of service (CoS) priority bits defined.
Figure 128 802.1 Q Frame
TPID (Tag Protocol ID) has a defined value of 0x8100, which indicates the
tag header is presented in the frame. TCI (Tag Control Information) follows
the TPID field, which includes 3 bits of user priority field. The 3 bits can give 8
levels of CoS (Class of Services) with 0 as the lowest priority and 7 as the
highest.
Layer 3 IP packet header can carry either an IP precedence value or a
Differentiated Services Code Point (DSCP) value.
Figure 129 original ToS Field and DSCP Field
Originally, Type of Service field in the IP header has 3 bits as IP-Precedence

which can classify packets into 8 different categories. RFC 1349 uses the 4
bits after it to define 5 type of services. The last bit must be zero (MBZ).
DiffServ redefined the ToS field, splitting it into 6 bits of DSCP field and 2 bits
of ECN (Explicit Congestion Notification) field. With 6 bits, it can support 64
different classes of packets.

BBS 1000+ QoS Overview 379
QoS actions at Ingress port include classification, policing, marking. Actions

at Egress port are queuing and scheduling.
Figure 130 QoS Actions
For Policing and Marking are not related with QoS Configruation in the BBS
1000+, here ignores these two QoS actions intrudction.
Classification
During classification, BBS 1000+ performs lookup and assigns QoS label to the
packet. The options are:
1 Trust the DSCP value in the incoming packet (configure the port to trust DSCP),
and assign the same DSCP value to the packet.
Modify the DSCP to another value by using the configurable
DSCP-to-DSCP-mutation map.
2 Trust the IP precedence value in the incoming packet (configure the port to trust
IP precedence), and generate a DSCP value for the packet by using the
configurable IP-precedence-to-DSCP map.
Table 65 BBS 1000+ Default IP Precedence to DSCP Map
IP Precedence 0 1 2 3 4 5 6 7
DSCP 0 8 16 24 32 40 48 56
3 Perform the classification based on ACL (Access List), which examines various
fields in the IP header. If no ACL is configured, the packet is assigned 0 as the
DSCP and CoS values, which means best-effort traffic.
Queuing and Scheduling

Queuing and Scheduling determine which queue to put the packet based on the
QoS label. Then the queues are served based on configured weights. There are
4 egress queues in the BBS 1000+ uplink interface. The system queue
scheduling is running in Strict Priority and Weighted Round-Robin (WRR) mode.
In default mode, Queue 3 is running in Strict priority mode.

Queue 0 to 2 are running in WRR mode. Strict Priority queue is always being
served first. Each queue can be configured to run in Strict priority mode by set
the queue weight to 0. And each queue can be configured to run in WRR mode
by set the weight from 1 to 0xF to the queue.
In BBS 1000+ default DSCP to CoS map is disabled, i.e. all DSCP packets has
the CoS priority of 0. When QoS is enabled, the default DSCP to CoS map is:
Default Dscp-cos map:
d1 : d2 0 1 2 3 4 5 6 7 8 9
---------------------------------------
0 : 0 0 0 0 0 0 0 0 1 1
1 : 1 1 1 1 1 1 2 2 2 2
2 : 2 2 2 2 3 3 3 3 3 3
3 : 3 3 4 4 4 4 4 4 4 4
4 : 5 5 5 5 5 5 5 5 6 6
5 : 6 6 6 6 6 6 7 7 7 7
6 : 7 7 7 7
We use DSCP to CoS map to generate a CoS value, which is used to select one
of the four egress queues. The mapping can also be modified.
Table 66 BBS 1000+ Default CoS Priority to Queue Map
0 1 2 3 4 5 6 7
CoS Priority
CoS Queue 0 0 1 1 2 2 3 3
Table 67 BBS 1000+ Default Queue Scheduler
CoS Queue 0 1 2 3
Weight 4 8 12 0

BBS 1000+ QoS Overview 381
QoS Configuring Configure under GE interface, Link Aggregation interface and interface range.
Commands
Table 68 QoS Configuring Commands

Enter the GE port(i.e. GE1/2), Link Aggregation or interface range configuration command mode
Enable mls qos [no] mls qos
choose a queue to assign priority [no]mls qos queue-set output <queue ID> strict-priority | {wrr
<weight> }
queue ID: 0-3 weight : 1-15
configure dscp to cos mapping [no]mls qos map dscp-cos <dscp value> to <cos vlaue>
configure dscp to mutation mapping [no] mls qos map dscp-mutation <dscp value> to < mutation vlaue>
configure ip-prec to dscp mapping. [no] mls qos map ip-prec-dscp < ip-prec value> to < dscp vlaue>
configure mls qos map trust [no] mls qos map trust < dscp | ip-prec >
Display mls information show mls qos interface {giga-ethernet<range> | link-aggregation
<linkid>}
show mls qos maps {dscp-cos | dscp-mutation | ip-prec-dscp }
interface {giga-ethernet<range> | link-aggregation <linkid>}
show mls qos queue-set interface {giga-ethernet<range> |
link-aggregation <linkid>}
QoS Configuring
Procedure
1 Enable mls qos.

2 Configure QoS map trust policy
3 Display the configuration on GE interface, Link aggregation or interface range.
4 Below are Optinal Qos parameter configuration
Configure QoS mapping method
dscp to mutation mapping
ip-prec to dscp mapping
dscp to cos mapping
Assign priority to a queue
ACL and QoS ACL rule example:
profile start aaa:
field 1 field1: EtherII tag vlan priority IP dscp s

rule 4 rule1: vlan 5 priority 3 IP dscp 2 action remark_prio

new_priority 5 remark_dscp new_dscp 4
profile end
There may be some conflicts between ACL remark configuration and mls
qos maps. ACL remark rules have higher priority than mls qos maps table.
So if there are the conflicts, the system will use ACL remark rules instead of
mls qos maps table.
We use ACL table to implement the policy based QoS.
BBS 1000+ QoS

Configuration
Example
Application Description The following example only to demonstrate QoS working mechanism.In theGE
port send large amount data to the GEPON system. And in the downlink ports
set rate limit to control the output rate (to ONU). This will make BBS 1000+
system's downlink become a bottleneck. Then one can observe ONU site's data
flow receving condition and therefore analyze whether QoS works.
Topology Example Figure 131 Example Network for Configuring QoS

BBS 1000+ QoS Configuration Example 383
In the BBS 1000+ system's GE port GE3/2 send 32 data flows. The total rate is
1000Mbps. Every 8 data flows (250Mbps) are set to priority 0-7 an d sent to
ONUs. In the downlink port GE1/1 set output's rate-limit as 200Mbps, The total 8
data flows have a rate of 250M. This will form bottleneck at port GE1/1's output
direction.
Configuration Tasks Configure QoS on GE3/2

1 Enter GE3/2 interface configuration mode.
2 Enable QoS on GE3/2 port.

telnet@BBS1000+(config-t-if-ge-3/2)# mls qos
3 Configure QoS map trust as ip-prec.

telnet@BBS1000+(config-t-if-ge-3/2)# mls qos map trust
ip-prec
4 Verify the QoS configuration on GE3/2.

telnet@BBS1000+(config-t-if-ge-3/2)# show mls qos interface
giga-ethernet 3/2
Giga-ethernet 3/2
Trust admin state: ip-precedence
Trust mode: ip-precedence
trust enabled flag: enabled
Qos is using self configuration!
Qos Enabled flag: enabled
Qos DSCP Map: enabled
Qos Map trust mode: ip-precedence
Configure QoS on GE1/1

1 Enter GE1/1 interface configuration mode.
2 Enable QoS on GE1/1 port.

telnet@BBS1000+(config-t-if-ge-1/1)# mls qos
3 Configure QoS map trust as dscp.

telnet@BBS1000+(config-t-if-ge-1/1)# mls qos map trust dscp
4 Display QoS configuration on GE1/1.

telnet@BBS1000+(config-t-if-ge-1/1)# show mls qos interface
giga-ethernet 1/1
Giga-ethernet 1/1

Trust admin state: trust dscp

Trust mode: trust dscp
trust enabled flag: enabled
Qos is using self configuration!
Qos Enabled flag: enabled
Qos DSCP Map: enabled
Qos Map trust mode: trust dscp
Configure ratelimit on GE1/1

telnet@BBS1000+(config-t-if-ge-1/1)# rate-limit output 200
telnet@BBS1000+(config-t-if-ge-1/1)# show configuration

running

description "GE-1"
no shutdown
mls qos
mls qos map trust dscp
rate-limit output 200 burst-size 512
exit
Result Analyze
The GE port sends 1000Mbps data to GEPON system, the ONU receiving result
is
1 The receiving data rate for each ONU is 50Mbps.
2 The priorities of those 50Mbps are 6 and 7.
Since BBS 1000+ system bandwidth bottleneck, the system will activate QoS to
make sure that higher priority data will be forwarded. And lower priorities data
migh get discarded.

SYSTEM ADMINISTRATION
16
This chapter describes the system administration functions listed below:
User Account Management
File Management
User Account Local CLI user accounts can be created, modified, maintained and deleted by
Management the system administrator. A user account consists of a user name, password
and an access (privilege) level. The four BBS 1000+ access levels are listed
below.
0------Read-Only
1------Port-Config (port)
2------Super User (write) (all operations excluding user account
management)
10----System Administrator (all operations including user account
management)
The access level controls which CLI interfaces and related commands are
available to the user.
The default system administrator's account and password are: admin and
admin.
Each CLI command is also assigned an access level. A user must have an
equal or higher access level to perform the related command. The command
levels are listed below:
0------Read-Only level command (These commands only display information
and cannot be used to modify the system)
1------Port-Config level command (These commands can be used to add,
modify and delete port level configurations)
2------Super User level command (These commands can be used to perform
all operations with the exception of account management)
10----System Administrator (These commands can be used to modify the
entire system including login and account management)

386 Chapter 16: System Administration
User Management The following user configuration tasks are described below:
Operations
Table 69 User Management Commands

Add new user account user add <username> <password> <access-level>
Delete user account user delete <username>
Change user password user password <username>
Change user access level user accesslevel <username> < access-level>
List user accounts show user
After entering this command and pressing Enter, the system will prompt "Enter
new password" and "Confirm new password" enter the new password, and then
press Enter.
Examples of User Change password for Administrator

Management Change the default password of administrator from admin to Myadmin.
2 Reconfigure administrator's password.

There are two methods to change admin's password:
Enter all configurations in one CLI command.
telnet@BBS1000+(config-mgmt)# user password admin
new-password Myadmin confirm-password Myadmin
modify user "admin" password success.
Enter configurations as following description.

telnet@BBS1000+(config-mgmt)# user password admin < press
Enter>
Enter new password:****** < press Enter>
Confirm new password:****** < press Enter>
modify user "admin" password success.

User Account Management 387
success
4 Verify the new password of administrator.

telnet@BBS1000+(config-mgmt)#logout
Press <Enter> the prompt will be appeared as below:

Username: admin
Password: ******
telnet@BBS1000+>
Add a Super user

For daily configuration on BBS 1000+, here adding a Super user as below:
User Account Myoperator
User Password operator
Access Level 2

2 Add a Super user.

telnet@BBS1000+(config-mgmt)# user add Myoperator operator 2

success
4 Display the user of BBS 1000+.

telnet@BBS1000+(config-mgmt)# show user
User Access
----------------------+---------
Myoperator 2
admin 10

telnet@BBS1000+(config-mgmt)#logout
Username:Myoperator
Password:******

telnet@BBS1000+>
Delete a user
Only administrator can delete user account on the BBS 1000+.Here we assume
to delete the user Myoperator.
2 Delete a user.
telnet@BBS1000+(config-mgmt)# user delete Myoperator
Are you sure you want to delete this user (y/n)? y
delete user "Myoperator" success.
3 Verify the deleting.

telnet@BBS1000+(config-mgmt)# show user
User Access
----------------------+---------
admin 10
File Management This section describes how to manage configuration files and software image
files. Configuration parameters of the device are saved in the configuration file.
Software image file is indispensable for switch running, and cannot be modified
in the system normal running process except version upgrade.
System Start Up Method When the BBS 1000+ system starts up it can get the image file using one of the
following two methods:
BBS 1000+ Flash Memory: Start up the system via the image file
(BBS1000plus.stz) in the BBS 1000+ Flash memory.
FTP Server: Start up the system via an image file (BBS1000plus.st) on the
FTP Server.
During the system boot up process, if the system cannot get the image file or for
any reason the boot up process is interrupted, the [VxWorks Boot]: prompt will
be displayed.
In this situation the following parameters will need to be reconfigured. These

parameters will be displayed after entering "p" at the [VxWorks Boot]: prompt.
[VxWorks Boot]: p

File Management 389
boot device : flash

unit number : 0
file name : BBS1000plus.stz
inet on ethernet (e) : 192.168.103.235
host inet (h) : 192.168.103.26
gateway inet (g) : 192.168.103.26
user (u) : target
ftp password (pw) : target
flags (f) : 0x0
target name (tn) : s=
other (o) : motfcc
[VxWorks Boot]:
During system failure, connection to the BBS 1000+ system must be made via
the Console port .
System File Introduction Under a normal BBS 1000+ system, user can check the system file directory via
command file-system list. The system's root directory is flash: and nvm:
1 Check files and directory information for root directory flash:

size date time name

-------------------------------------------------
3649228 JAN-01-1980 00:00:00 BBS1000plus.stz
1024 JAN-01-1980 00:00:00 <DIR> onuImage
28 JAN-01-1980 00:00:02 sysInfo
2 Check files and directory information for root directory nvm:

telnet@BBS1000+(config-mgmt)# file-system list nvm:
size date time name

-------------------------------------------------
1024 JAN-01-1980 01:47:42 <DIR> cfgdata
178 JAN-01-1980 00:03:12 telnet_filter.txt
182 JAN-01-1980 17:34:48 tel_filter.txt
3 Check files information for directory flash:/onuImage

telnet@BBS1000+(config-mgmt)# file-system list
flash:/onuImage
size date time name

-------------------------------------------------
1024 JAN-01-1980 00:00:00 <DIR> .
1024 JAN-01-1970 00:00:03 <DIR> ..
4 Check files information for directory nvm:/cfgdata

telnet@BBS1000+(config-mgmt)# file-system list nvm:/cfgdata
size date time name

-------------------------------------------------
1024 JAN-01-1980 01:47:42 <DIR> .
1024 JAN-01-1970 00:00:27 <DIR> ..
512 JAN-01-1980 00:00:36 system.db

137450 JAN-01-1980 00:00:00 epon.db
The above checking information, some comments are listed below:

1 The configuration mode for command file-system list is system management.
2 The file directory in command file-system list is case sensitive.
3 Label <DIR> in the result means that the name Section is a directory.
For example, when the result is "1024 JAN-01-1980 00:00:00 <DIR>
onuImage", it means that onuImage is a directory.
4 For more information of system files, please refer to the following table.
Table 70 System Files
File name Description Directory

bootrom_uncmp.bin BBS1000+ Bootrom file flash:
onu.bin ONU Bootrom file flash:/onuImage
BBS1000plus.stz BBS1000+ image file flash:
system.db system default configure file nvm:/cfgdata
epon.db user configure file nvm:/cfgdata
File Configuration Tasks File configuration tasks are listed below:

Table 71 File Configuring Commands

Download/Upload the BBS1000+ Files through FTP server ftp <host> get|put <username>
<password><local-file-path><remote-file-path>
Update the BBS1000+ Boot ROM Image through FTP server bootrom-update <host> <username> <password>
<file-name-path>
Copy the source file to the destination file file-system copy <src> <dst>
Create the directory. file-system mkdir <directory>
Change the file name file-system rename<src> <dst>
Remove the file with the file name file-system remove <filename>
List information under the specify directory file-system list<directory>
Format the memory file-system format <dst-device>
Configuring boot method from FTP, Flash boot system <ftp: | flash: >
Save running configuration into the startup-config file save
Display system boot attributes show boot attributes
Display the system firmware version show version

Firmware Upgrade Procedure 391
Firmware Upgrade The following procedures describe the process when a system firmware
Procedure upgrade or re-installation is required.
The firmware package which is normally copied to the local management PC.
Table 72 describes the files and folder in the firmware upgrade package.
Table 72 Firmware Upgrade Files and Destination Folders
Destination Directory on
File Name Description the BBS1000+
bootrom_uncmp.bin BBS1000+ Bootrom file flash:
onu.bin ONU Bootrom file flash:/onuImage
BBS1000plus.stz BBS1000+ image file flash:
BBS1000plus.st BBS1000+ image file ftp server:
BBS1000plus_Release_Notes.doc upgrade guide
Normally the management PC functions as an FTP server and the firmware files
are located on the PC, as shown Figure 132:
Figure 132 Firmware update files on the management PC

The firmware upgrade process is shown in Figure 133.

Figure 133 Firmware Upgrade Process Diagram

Firmware Upgrade Normally In-band Management 393
For security concern, user might first to do backup for system configuration file
epon.db which is located in directory nvm:/cfgdata.
The following sections describe the firmware upgrade procedure according to

the following two conditions:
Firmware upgrade under normal condition.
Firmware upgrade after system failure.
Firmware Upgrade Application Description

Normally In-band When the BBS 1000+ system is able to boot up normally, then the firmware
Management
upgrade procedure can be performed via In-band management. In the following
example, the system firmware is upgraded from version 2.31.00.007 to version
2.31.00.012 using In-band management.
Example Topology
Figure 134 Example Firmware Upgrade Topology
As shown in the Figure 134, the management PC is connected to the BBS

1000+'s uplink port GE3/1 via the Cisco 3750 switch.
Pre-Upgrade Requirements
1 The BBS 1000+ system can boot up normally. (If not refer to VxWorks
Configuration After System Failure on page 398.
2 The management PC can telnet the BBS 1000+ system via In-band.
Configuration Tasks The following tasks should be performed to configure the system as shown in
the topology in Figure 134.
1 Configure FTP Server
2 Configure BBS 1000+

Configure FTP Server

The management PC will function as the FTP server during the firmware
upgrade process.
1 Install FTP Server software on the management PC. In this example the
3CDaemon program is used.
2 From the Windows Start menu, select [Programs/3CDaemon /3CDaemon] to
start the FTP server. The 3CDaemon window is displayed, as shown in Figure
135.
Figure 135 3CDaemon Main Window
3 Click the FTP Server button the left side of of the 3CDaemon window.
4 Click the Configure FTP Server icon, to open the 3CDaemon Configuration
window, as shown in Figure 136.

Figure 136 3CDaemon Configuration
5 Select the FTP Profile tab page and then set the following parameters to create
a new profile:
Profile Name: gepon
User's password: geponbbs
User Directory: Directory where the firmware image files are saved. For
example, d:\Gepon
6 Select the Login, Download and Upload checkboxes.

7 Save the profile by clicking < Save Profile> and then click <OK>.
8 If the FTP server does not start automatically, click the (FTP Server is stopped.
Click here to start it) icon to start up the FTP server. The Start Time will be
displayed, as shown in Figure 137.

Figure 137 3CDaemon: FTP Server Start Up
When using different FTP server software, refer to the related software
manuals.
Configure BBS 1000+
1 Log in to BBS 1000+ as a user with administration privileges, then enter the
following commands to access the CONFIG Management command mode.
BBS1000+>enable
BBS1000+#
2 Check BBS 1000+ system's version information.

BBS1000+(config-mgmt)#show version
BBS1000+ software release version: BBS1000+_02.31.00.007

built Aug 23 2005 17:56:12
Bootrom version : 1.0.0.0
Passave version: PASSAVE OLT 5001 Firmware revision 4.14.6.2 +
Plato 1.52
Broadcom chip version: BCM5695_B0
Broadcom revision number: 0x11
Broadcom SDK version: sdk4.2.4
Check the BOOTROM version number, if the BOOTROM version is the same
as the new image file as listed in the Release_Note.doc file, then skip step 3.
Otherwise, upgrade the BOOTROM File first. (In this example the previous
version is 01.00.00.000 but the upgrade version is 01.03.01.000).
3 Upgrade the BOOTROM file by downloading it from the FTP server to the BBS
1000+ Flash memory, using the bootrom-update command.

4 (In the following command the first parameter is the FTP host IP address,
"gepon" is the user's name, "geponbbs" is the user's password and
"bootrom_uncmp_BBS1000plus.bin" is the filename of the new BOOTROM file.)
BBS1000+(config-mgmt)# bootrom-update 192.168.103.37 gepon
geponbbs bootrom_uncmp_BBS1000plus.bin
.................................
Before upgrading the image file, is recommended to back up the previous image
file. This can be performed using one of the following methods:
Save it in the Flash memory: Due to the limited capacity of BBS 1000+ Flash
memory, this is not recommended.
Save it on the FTP Server.
Follow the step below to save the previous image file to the FTP Server.
1 Upload the previous image files to the FTP server using the ftp command.
2 (In the following command the first parameter is the FTP host IP address, "put"
indicates a FTP upload action, "gepon" is the user's name, "geponbbs" is the
user's password, "BBS1000plus.stz" is the local Bootrom path and filename on
BBS 1000+, and "BBS1000plus_1.0.1.stz" is the remote filename on the FTP
server.)
BBS1000+(config-mgmt)# ftp 192.168.103.37 put gepon geponbbs
flash:/BBS1000plus.stz BBS1000plus_1.0.1.stz
3 Download the new image file from the FTP server to the BBS 1000+ Flash
memory using the ftp command.
4 (In the following command the first parameter is the FTP host IP address, "get"
indicates a FTP download action, "gepon" is the user's name, "geponbbs" is the
user's password, "BBS1000plus.stz" is the local Bootrom path and filename on
BBS 1000+, and "BBS1000plus.stz" is the remote filename on the FTP server.)
BBS1000+(config-mgmt)# ftp 192.168.103.37 get gepon geponbbs
flash:/BBS1000plus.stz BBS1000plus.stz
5 Verify that the newly downloaded image file can be found in the BBS 1000+
flash: directory.
size date time name

-------------------------------------------------
3649228 JAN-01-1980 00:00:00 BBS1000plus.stz
1024 JAN-01-1980 00:00:00 <DIR> onuImage
28 JAN-01-1980 00:00:02 sysInfo
6 Check system's boot file name

BBS1000+(config-mgmt)# show boot attributes


IP address : 192.168.103.199
IP mask : 255.255.255.0
host IP address : 0.0.0.0
next hop : 192.168.103.254
ftp user password : geponbbs
boot device : flash
Run the following command if the boot file name is diffrent from the new image
file in the BBS1000+ Flash memory.
BBS1000+(config-mgmt)# boot system flash BBS1000plus_New.stz
7 Reboot the system to activate the image upgrade.

BBS1000+(config-mgmt)# reboot
8 Verify the upgraded version information, particularily the first line, as shown
below.
BBS1000+# show version
BBS1000+ software release version: BBS1000+_02.31.00.012

built Aug 23 2005 17:56:12
Bootrom version : 1.3.1.0
Passave version: PASSAVE OLT 5001 Firmware revision 4.14.6.2 +
Plato 1.52
Broadcom chip version: BCM5695_B0
Broadcom revision number: 0x11
Broadcom SDK version: sdk4.2.4
During the upgrade process, if a problem is encountered and the system will
not boot up, refer to the following section: VxWorks Configuration After
System Failure
VxWorks When the system image file will not load or the system boot up process is
Configuration After interrupted, the system will enter the [VxWorks Boot]: prompt.
System Failure
This section describe how to configure BBS 1000+ under the Vxwoks command
mode, therefore BBS 1000+ can boot up normally. For upgrading the BBS
1000+, please refer to the above section "Firmware Upgrade Normally In-band".
[VxWorks Boot] Mode

Introduction
1 During system failure or when the boot up process is interrupted, BBS 1000+
enters the [VxWorks Boot]: mode as displayed below:
[VxWorks Boot]:
2 In the [VxWorks Boot]: mode the following commands can be issued:

? -to show commands list
p -to show current system's start up parameters

VxWorks Configuration After System Failure 399
@ -to reboot the system

c -to modify the system's startup parameters
3 In the next example the "p" command is issued to display the current system's
start up parameters:
[VxWorks Boot]: p
boot device : motfcc

unit number : 0
host name : host
file name : BBS1000plus.st
inet on ethernet (e) : 192.168.103.235
host inet (h) : 192.168.103.12
gateway inet (g) : 192.168.103.254
user (u) : bbs
ftp password (pw) : bbs123
flags (f) : 0x0
target name (tn) : BBS1000+
other (o) : flash
Boot parameters relating to firmware upgrade are described in Table 73.

Table 73 System Boot Parameters
Example Value in booting from FTP

Boot Parameter Description boot
boot device Controls how the system is started. motfcc
flash: Boots up from Flash
motfcc: Boots from FTP
file name Software image file name. BBS1000plus.st
FTP boot has an ".st" file extension
Flash boot has an ".stz" file extension
inet on ethernet (e) Out-band Management port IP address 192.168.103.235
host inet (h) FTP server's IP address 192.168.103.12
gateway inet (g) Gateway IP address 192.168.103.254
ftp user (u) The user account name bbs
ftp password (pw) The user account password bbs123
flags (f) The beginning location in the flash identified by the 0x0
pointer to bootup BBS1000+.
target name (tn) The target machine's symbolic name, which can be used BBS1000+
for identification
other (o) If bootrom can not load runtime image described by boot flash
device parameter, it will try to load from this device.
Application Description After a system failure, the following example procedure can be performed to
re-establish a connection with the FTP server and upgrade the BBS 1000+
firmware and image file.

When the system has failed or the boot up process has been interrupted, the
Console port is the only port that can be accessed on the BBS 1000+. In the
following example an Out-band connection will be established with the BBS
1000+. Then the system boot parameters will be configured and BBS 1000+ will
be restarted. The system will now boot up from the FTP server connected to the
Out-band Management port, as shown in Figure 138.
Example Topology Figure 138 Firmware Upgrade Under Abnormal State
Configuration Tasks The tasks below must be performed to establish a connection with the FTP
server, as shown in Figure 138.
1 Set up FTP Server
2 Configure the BBS 1000+ system boot parameters
Set up FTP Server

For FTP Server configuration, refer to Configure FTP Server on page 394.
Ensure that the image file "BBS1000plus.st" has been copied to the FTP
server's current directory.
Connect to the BBS 1000+ Console port

To connect to the BBS 1000+ via the Console port, refer to Using Terminal
Emulation to login to BBS 1000+ on page 31.
Configure the BBS 1000+ system boot parameters

Once connection is established with BBS 1000+, the following system prompt
will be displayed.
[VxWorks Boot] :
1 To change the system boot parameters, type "c" and then press Enter, as
shown below.
[VxWorks Boot] :c

VxWorks Configuration After System Failure 401
2 The boot device parameter is displayed. Enter "motfcc" which is the FTP
server's device ID and press Enter, as shown below.
boot device: flash motfcc
3 For the next two parameters no modification is required, so press Enter two
times to skip these parameters.
processor number: 0 < press Enter>
host name: < press Enter>
4 The file name parameter is displayed. Enter the name of the Image file on the
FTP server (BBS1000plus.st) and then press Enter.
file name: BBS1000plus.st
5 The inet on ethernet parameter is displayed. Enter the IP address of the BBS
1000+ out-band Management port, and then press Enter.
inet on ethernet (e): 192.168.103.199
6 The host inet parameter is displayed. Enter the IP address of the FTP server,
and then press Enter.
host inet (h): 192.168.103.37
This IP address must be in the same subnet as the out-band Management IP

address configured previously.
7 The gateway inet parameter does not need to be configured, so press Enter to
continue.
gateway inet (g): < press Enter>
8 The user parameter is displayed. Enter the user name, and then press Enter.
user (u): gepon
9 The ftp password parameter is displayed. Enter the password, and then
press Enter.
To remove a password, enter the VxWorks Boot command "." (a period) to
clear the field, and then press Enter.
10 ftp password (pw): geponbbs
11 The last four parameters do not need to be configured, so press Enter four times
to skip these.
flags (f): 0x0 < press Enter>
target name (tn): < press Enter>
startup script (s) : < press Enter>
other (o): < press Enter>
12 When all the parameters are configured, the following prompt will display.
Press @ and then Enter, to resume the start up process.

[VxWorks Boot]: @
13 The system should now continue to boot up normally. Enter the user name and
password to enter the CLI EXEC command mode, as shown below.
telnet@BBS1000+>
14 Enter enable and then configure management to enter the Configuration

Management command mode, as shown below.
telnet@BBS1000+#
15 From the config-mgmt prompt enter the show boot attributes command to
display the boot parameters, as shown below.
BBS1000+(config-mgmt)# show boot attributes

IP address : 192.168.103.199
IP mask : 255.255.255.0
host IP address : 192.168.103.37
next hop : 192.168.103.254
ftp user password : geponbbs
boot file name : BBS1000plus.st
boot device : motfcc
16 The system has now successfully booted from the FTP server. The BBS 1000+
system firmware can now be upgraded. Refer to Firmware Upgrade Normally
In-band Management on page 393.

TERMS AND ACRONYMS
A
These terms and acronyms are used throughout the UTStarcom GEPON
system documentation. While not all terms in this list are used in this particular
document, the complete list is provided to ensure fast access to the definition of
these terms regardless of how they are encountered.
ACL Access Control List
ARP Ethernet Address Resolution Protocol
CLI Command Line Interface
CO Central Office
CoS Class of Service
CPE Customer Premise End
DBA Dynamic Bandwidth Allocation
DHCP Dynamic Host Configuration Protocol
E/O Electronical to Optical
GE-PON Gigabit Ethernet Passive Optical Network
GSM Gigabit BBS 1000+ Main Board (GEPON System Module)
GUI Graphical User Interface
HDLC High-level Data Link Control
HOL Head-Of-Line
HTTP Hypertext Transfer Protocol
ICMP Internet Control Message Protocol

404 APPENDIX A: TERMS AND ACRONYMS
IEEE Institute of Electrical and Electronics Engineering
IETF Internet Engineering Task Force
IGMP Internet Group Management Protocol
IP Internet Protocol
IVL Independent VLAN Learning
LAN Local Area Network
LG Link Aggregation
LGID Link Aggregation Identifier
LTM Optical Line Termination Module
MAC Medium Access Control
MIB Management Information Base
MTU Maximum Transmission Unit
NTP Network Time Protocol
OAM Operations, Administration and Maintenance
OLT Optical Line Terminal
ONU Optical Network Unit
OSPF Open Shortest Path first
PDU Protocol Data Unit
PIM-SM Protocol Independent Multicast-Sparse Mode
PON Passive Optical Network
POS Packet over SONET
PPP Point-to-Point Protocol

405
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
RFC Request For Comments
RIP Routing Information Protocol
RMII Reduced Medium Independent Interface
RMON Remote Monitoring
RSTP Rapid Spanning Tree Protocol
RSVP Resource Reservation Protocol
SFU Single Family home Units
SLA Server Level Agreement
SMF Single Mode Fiber
SNMP Simple Network Management Protocol
SOHO Small Office /Home Offices
STP Spanning Tree Protocol
TCP Transmission Control Protocol
TOS Type of Service
UTP Unshielded Twisted Pair
VID VLAN Identifier
VLAN Virtual LAN
VoIP Voice over IP
VPN Virtual Private Network

UTStarcom, Inc. USA
1275 Harbor Bay Parkway Alameda, CA 94502, USA
Tel. 510-864-8800 Fax. 510-864-8802
China India Japan Europe Latin America

No. 368 Liuhe Road, 805 Signature Towers II, Shiba Koen Parktower 9F/10F Campus Kronberg 7 2801 SW 149th Ave
Hi-Tech Industry Development Zone, South City I 2-11-1 Shiba-koen, Minato-ku Kronberg, 61476 Suite 100
Binjiang, Hangzhou 310053, PRC Gurgaon, Tokyo 105-0011 JAPAN Germany Miramar, FL 33027, USA
+86-571-81920000 Haryana 122001, India +81-3-6430-8600 +49 (617) 3946-3460 954-447-3077
+91 124 5166100
About UTStarcom www.utstar.com
Headquartered in the United States with sales, support, and manufacturing facilities worldwide, UTStarcom designs, manufactures, sells, and installs an
integrated suite of wireless and wireline access network and switching systems. UTStarcoms complete suite of network equipment gives telecommunication
service providers the means to cost-effectively provide efficient and scalable voice, data, and Internet services around the globe.
Copyright 2006-2007 UTStarcom, the UTStarcom logo, !-Volution, AIRSTAR, AN-2000, AN-FTTB, CommWorks, the CommWorks logo, iAN, iCell, Internode,
Intranode, iPATH, ISP, MovingMedia, mSwitch, Next Generation Network Technology. Now, NGDLC, PAS, PAS Wireless, Seamless World, Softexchange,
Sonata, Sonata Access Tandem, Sonata HLR, Sonata IP, Sonata MSC, Sonata WLL, Telos, Total Control, Unitech, WACOS, WICOPS, WLL, and Xtreme IP are
registered trademarks or trademarks of UTStarcom, Inc. and its subsidiaries.
Doc. Code L2 CO00 2321 06 15 00

Utstarcom en GEPON BBS1000plus CLI Operation R2.32.1.28

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Utstarcom en GEPON BBS1000plus CLI Operation R2.32.1.28

Загружено:

Авторское право:

Доступные форматы

GEPON OLT

Optical Line Terminal

Doc. Code L2 CO00 2321 06 15 00

Optical Line Terminal

Doc. Code L2 CO00 2321 06 15 00

ABOUT THIS GUIDE

1 COMMAND LINE INTERFACE

2 BEFORE SYSTEM CONFIGURATION

3 STARTING UP BBS 1000+ SYSTEM

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

ONU Registration Process ................................................................................................. 52

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

4 IN-BAND AND OUT-BAND SETTING

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Configuration Requirements ....................................................................................... 103

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

Create a Routed Interface........................................................................................... 128

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

ARP Configuring Commands ........................................................................................... 149

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

7 CONFIGURING GEPON FEATURES

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Deleting the Example Configuration ................................................................................ 187

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

ONU Downstream Configuring ......................................................................................... 206

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Remotely Upgrade ONU ............................................................................................. 228

8 CONFIGURING REMOTE AUTHENTICATION

Application Description................................................................................................ 250

11 CONFIGURING DHCP SERVER

12 CONFIGURING DHCP RELAY

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

Example Topology....................................................................................................... 312

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Specifying ACL Profiles .................................................................................................... 345

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

Configure a Routed Interface on the Cisco switch ...................................................... 369

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Application Description ............................................................................................... 393

A TERMS AND ACRONYMS

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Table 53 Compare Forwarding and Access mode ...............................................................339

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Figure 53 ONU Downstream Policy Configuration ............................................................. 211

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

Figure 108 Internet Protocol (TCP/IP) Properties ................................................................ 319

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

GEPON OLT BBS 1000+ Doc. Code L2 CO00 2321 06 15 00

This manual corresponds with software version Release 2.32.01.28. Before

Table 1 Notice Icon Descriptions

Icon Notice Type Description

Doc. Code L2 CO00 2321 06 15 00 GEPON OLT BBS 1000+

Table 1 Notice Icon Descriptions (continued)

Icon Notice Type Description

Table 2 Text Convention Descriptions

GEPON BBS 1000+ Release 2.32.01.028 System Message Guide

Before contacting technical support, have this information available:

Contact details for the China Service Center can be found at

Contact details for all other Service Centers can be found at

Contacting Technical To provide comments on this documentation, send an e-mail to:

Part Number L2 CO00 2321 06 15 00 GEPON OLT OLT BBS 1000+

2 Start a terminal emulation program, in this example, Windows HyperTerminal is